On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote:
> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
>
> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote:
> >
> >> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> >>
> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> >> >
> >> >> I doubt that will happen as you are asking to pollute
every release
> >> >> installation for an edge condition when there is
numerous work arounds
> >> >> that would be acceptable to most. eg two lines in
rc.conf will fix the
> >> >> issue.
> >> >
> >> > This manual editing will be required by every install on RPi,
for
> >> > example.
> >>
> >> No, it won't. Most people will just give the system a valid
DNS
> >> configuration, and the clock will not be an issue.
> >
> > What invalid in my DNS configuration?
>
> You said that you configured 127.0.0.1 as your DNS server. You didn't
> say how (or rather where) you did that, but if you had used the address
> of a working upstream recursive server, I suspect there wouldn't have
> been any problem.
Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause
unbound acts as recursive resolver. This is conventional setup.
("No forwarders found in resolv.conf, unbound will recurse."
-- from /usr/sbin/local-unbound-setup)
Using upstream recursive server with local unbound will cause same
problem, IMHO, because unbound will be enfocing DNSSEC by the same
way and rejecting all answers from upstream.