From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 228210] 11.2-BETA1 - DNS resolution does not work with local_unbound; cannot ping with local_unbound disabled
Date: Mon, 21 May 2018 02:11:37 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228210

--- Comment #3 from Patrick ---
I've been busy the past week, so it wasn't until the weekend that I could follow up.

I tried Dag-Erling's troubleshooting steps. Traceroute and drill definitely showed some problems. So I did a bunch of Googling, reading, and tinkering with my router and with config file settings. In the end, it turns out that the problem was that OpenDNS, the nameservers I had been using, do not support DNSSEC. Honestly I didn't realize that unbound was enabling DNSSEC by default. I had been using it only for the DNS caching.
But once I changed the DNS nameservers being served by DHCP in my router to a nameserver that supports DNSSEC (Quad9), everything started working fine.

So I feel a bit sheepish about opening this bug. But judging by the number of forum posts and some mailing list questions I found from other people who experienced this same problem, and the fact that the only solution anyone offered was to disable DNSSEC (even if they didn't know that's what they were doing), it may be that this should be better documented somewhere. Unbound is advertised simply as a caching nameserver, so, like me, I suspect a lot of people are enabling it for that purpose, unaware of its DNSSEC features, and then they have no idea why DNS resolution isn't working.

In any case, thank you for your help.
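
The check behind the diagnosis above, as an added example that is not part of the original message or of FreeBSD or unbound code: a validating resolver needs its forwarder to hand back RRSIG records when a query sets the EDNS0 DO bit. The function names, the `example.org` name and the sample responses are constructed for illustration, and the queried name is assumed to sit in a signed zone.

```python
import struct

RRSIG, OPT, DO_BIT = 46, 41, 0x8000  # RR types and the EDNS0 "DNSSEC OK" flag

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, qid=0x1234):
    """DNS query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, class = UDP size, TTL field holds the flags
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, DO_BIT, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer is two bytes
            return off + 2
        off += 1 + msg[off]
    return off + 1

def answer_types(msg):
    """List the RR types found in the answer section of a response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    types = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def forwarder_returns_signatures(msg):
    """True if the reply to a DO query carries at least one RRSIG."""
    return RRSIG in answer_types(msg)

def sample_response(signed):
    """Constructed reply for example.org A; the RRSIG rdata is filler bytes."""
    rrs = [(1, bytes([192, 0, 2, 1]))] + ([(RRSIG, b"\x00" * 24)] if signed else [])
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rrs), 0, 0)
    msg += encode_name("example.org") + struct.pack("!HH", 1, 1)
    for rtype, rdata in rrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    for label, signed in (("DNSSEC-capable", True), ("signature-stripping", False)):
        print(label, forwarder_returns_signatures(sample_response(signed)))
```

To test a real forwarder, send the bytes from `build_query()` to it over UDP port 53 and pass the reply to `forwarder_returns_signatures()`.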