Bugzilla – Bug 239
module-config option require specific order
Last modified: 2009-03-20 11:45:34 CET
For the "module-config" option, setting to "validator iterator" or "iterator validator" has a different effect. The first one give the expected result. The second one makes the server answer SERVFAIL.
This is not stated in the man page that the order is important. unbound-checkconf does complain but it seems to be the only way to see this. I have spent the afternoon before understanding my mistake. There is no complain at all in the log (even with verbosity set to 4).
I'll document it. Thanks for the bug entry.
Ok. So this is normal behavior ?
Documented in man page.
The setting works, but this ordering is not supported. The effect seems to be that answers are fetched by the iterator, but because the validator cannot look at them, security status is not updated, and the answer is made bogus. Bogus answers are SERVFAIL. If you do +cdflag queries they work fine.
Best regards, Wouter