Bug 239 - module-config option require specific order
module-config option require specific order
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
1.2.1
Other Linux
: P2 normal
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-19 17:08 CET by Cedric Girard
Modified: 2009-03-20 11:45 CET (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Cedric Girard 2009-03-19 17:08:01 CET
For the "module-config" option, setting to "validator iterator" or "iterator validator" has a different effect. The first one give the expected result. The second one makes the server answer SERVFAIL.

This is not stated in the man page that the order is important. unbound-checkconf does complain but it seems to be the only way to see this. I have spent the afternoon before understanding my mistake. There is no complain at all in the log (even with verbosity set to 4).
Comment 1 Wouter Wijngaards 2009-03-19 17:26:13 CET
I'll document it. Thanks for the bug entry.
Comment 2 Cedric Girard 2009-03-19 17:27:46 CET
Ok. So this is normal behavior ?
Comment 3 Wouter Wijngaards 2009-03-20 11:34:44 CET
Documented in man page.

The setting works, but this ordering is not supported.  The effect seems to be that answers are fetched by the iterator, but because the validator cannot look at them, security status is not updated, and the answer is made bogus.  Bogus answers are SERVFAIL.  If you do +cdflag queries they work fine.

Best regards, Wouter
Comment 4 Cedric Girard 2009-03-20 11:45:34 CET
Thanks