Maintained by: NLnet Labs

[Unbound-users] problem with NS

Michael MacNeill
Wed Jun 11 15:24:31 CEST 2014

Thank you Willem, unbound-host was extremely useful in tracking down 
this problem.

My first test with it came up with the correct answer with no problem.
   unbound-host -d

I then figured out that I could use the same configuration as the daemon
   unbound-host -C unbound.conf -d

and it failed. So something in the config file.
Comment and retry until success.
That is when I discovered my giant brain fart.

When I set the DNS server up I grabbed a full-featured config from somewhere.

I'm not sure where I got it, but you can see it here:

it includes the lines:
     # Enforce privacy of these addresses. Strips them away from answers.
     # It may cause DNSSEC validation to additionally mark it as bogus.
     # Protects against 'DNS Rebinding' (uses browser as network proxy).
     # Only 'private-domain' and 'local-data' names are allowed to have
     # these private addresses. No default.
     # private-address:
     # private-address:
     # private-address:
     # private-address:
     # private-address: fd00::/8
     # private-address: fe80::/10

and I uncommented them all. Except that
     # private-address:
is not a private address space, and is in fact part of the address
space used by

so using private-address is an effective way to black hole an IP address 

thanks for all the help.
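
A check for the mistake described in this message, added here as an example and not part of the original post or of Unbound: it lists every active `private-address:` entry in a config and flags any that is not inside a standard non-routable range. The function names, the allowlist of RFC ranges and the sample config (with the documentation range 198.51.100.0/24 standing in for a public range) are assumptions made for the example.

```python
import ipaddress

# Allowlist assumed for this example: RFC 1918, RFC 3927 (IPv4 link-local),
# RFC 4193 (fd00::/8 unique-local) and RFC 4291 (IPv6 link-local).
EXPECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fd00::/8", "fe80::/10")]

# Constructed sample config; 198.51.100.0/24 is a documentation range used
# here as a stand-in for a public range that was uncommented by mistake.
SAMPLE_CONF = """\
server:
    private-address: 10.0.0.0/8
    private-address: 192.168.0.0/16
    # private-address: 172.16.0.0/12
    private-address: 198.51.100.0/24
    private-address: fd00::/8
    private-domain: "example.lan"
"""

def private_address_entries(conf_text):
    """Yield (line number, network) for each uncommented private-address line."""
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line.lower().startswith("private-address:"):
            continue
        # Split on the first colon only, so IPv6 values stay intact.
        value = line.split(":", 1)[1].strip().strip('"')
        yield lineno, ipaddress.ip_network(value, strict=False)

def suspicious_entries(conf_text):
    """Return entries that are not fully contained in an allowlisted range.

    Answers carrying addresses in such a range would be stripped by the
    resolver even though the addresses are publicly routable.
    """
    flagged = []
    for lineno, net in private_address_entries(conf_text):
        contained = any(net.version == r.version and net.subnet_of(r)
                        for r in EXPECTED)
        if not contained:
            flagged.append((lineno, str(net)))
    return flagged

if __name__ == "__main__":
    for lineno, net in suspicious_entries(SAMPLE_CONF):
        print(f"line {lineno}: private-address {net} is not a private range")
```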

