Jetzt nochmal:
Hallo Wilfried,
ich hab das so gemacht, wie Dominik es beschrieben hat:
In der /etc/init.d/unbound (auf IPFire)
alles im Bereich test_nameservers auskommentiert, außer einer Zeile mit
return=2
test_name_server() {
local ns=${1}
local args
# Return codes:
# 0 DNSSEC validating
# 1 Error: unreachable, etc.
# 2 DNSSEC aware
# 3 NOT DNSSEC-aware
# aukommentiert HIB August 2018
# Exit when the server is not reachable
#ns_is_online ${ns} || return 1
return=2
# Determine the maximum edns buffer size that works
#local edns_buffer_size=$(ns_determine_edns_buffer_size ${ns})
#if [ -n "${edns_buffer_size}" ]; then
# args="${args} +bufsize=${edns_buffer_size}"
#fi
#local errors
#for rr in DNSKEY DS RRSIG; do
#if ! ns_forwards_${rr} ${ns} ${args}; then
#errors="${errors} ${rr}"
#fi
#done
#if [ -n "${errors}" ]; then
#echo >&2 "Unable to retrieve the following resource records from ${ns}:
${errors:1}"
#return 3
#fi
#if ns_is_validating ${ns} ${args}; then
# Return 0 if validating
#return 0
#else
# Is DNSSEC-aware
#return 2
#fi
}Und in der /etc/unbound/unbound.conf
val-permissive-mode: no
auf
val-permissive-mode: yes
gesetzt.
Danach IPfre rebootet.
LG
Holger