Bugzilla – Bug 327
Cannot access stub zones until the root is primed
Last modified: 2010-09-13 11:27:15 CEST
Created attachment 143 [details]
Unbound config with DNSSEC enabled and stub local zone lp0.eu
I have a stub local zone in unbound.conf but it cannot be used until the root is primed, so it doesn't work when unbound starts with an empty cache on a host that has no default route.
This host is the gateway so other hosts on the network depend on it for DNS, but it's impossible to resolve local hostnames until the default route is up. The inability to resolve the hostname of the gateway is very inconvenient for SSH access to the gateway before the default route becomes available (assuming it becomes available at all). It also causes problems for resolution of local hostnames on the gateway itself for services that start on boot.
It should be possible to access stub zones (and DNSSEC validate them if a trust-anchor-file is specified*) before the root is primed and without access to DLV.
Created attachment 144 [details]
Unbound log with DNSSEC enabled and stub local zone lp0.eu
Created attachment 145 [details]
Unbound config with DNSSEC disabled and stub local zone lp0.eu
Created attachment 146 [details]
Unbound log with DNSSEC disabled and stub local zone lp0.eu
Created attachment 147 [details]
Local trust anchors (valid until 2011-06-14)
Created attachment 148 [details]
Fake root hints file that refers to a server that won't respond to DNS queries
To make this work add a local-data entry with the routers own name.
Currently the unbound code must prime the root before doing any other recursive lookup.
Thank you for the report, Wouter
In the svn trunk of unbound (r2228) is a bugfix for this issue (works for config with DNSSEC and config without DNSSEC). Your config with DNSSEC is likely to display errors because the 5011-auto-probe for the root fails, however, that should fix itself when the network becomes available.