Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 May 2018 02:11:37 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 228210] 11.2-BETA1 - DNS resolution does not work with local_unbound; cannot ping with local_unbound disabled
Message-ID:  <bug-228210-7501-9CRSSgE6Gw@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-228210-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-228210-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228210

--- Comment #3 from Patrick <doctorwhoguy@gmail.com> ---
I've been busy the past week, so it wasn't until the weekend that I could
follow up. I tried Dag-Erling's troubleshooting steps. Traceroute and drill
definitely showed some problems. So I did a bunch of Googling, reading, and
tinkering with my router and with config file settings. In the end, it turns
out that the problem was that OpenDNS, the nameservers I had been using, do=
 not
support DNSSEC. Honestly I didn't realize that unbound was enabling DNSSEC =
by
default. I had been using it only for the DNS caching. But once I changed t=
he
DNS nameservers being served by DHCP in my router to a nameserver that supp=
orts
DNSSEC (Quad9), everything started working fine.

So I feel a bit sheepish about opening this bug. But judging by the number =
of
forum posts and some mailing list questions I found from other people who
experienced this same problem, and the fact that the only solutions anyone
offered was to disable DNSSEC (even if they didn't know that's what they we=
re
doing), it may be that this should be better documented somewhere. Unbound =
is
advertised simply as a caching nameserver, so, like me, I suspect a lot of
people are enabling it for that purpose, unaware of its DNSSEC features, and
then they have no idea why DNS resolution isn't working.

In any case, thank you for your help.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-228210-7501-9CRSSgE6Gw>