Don't use dlv-anchor-file with unbound
According to the unbound.conf manpage this value should no longer be used. It creates lookaside queries for DNSSEC which introduces more servers which can fail on us. This is no longer necessary beacuse root servers have the appropriate DNSSEC configuration now. Follow the unbound suggestion and make unbound more reliable by avoiding DLV entirely. Change-Id: Ib6c0cf83bfdeb1eb2f6f22951fd44ce9839cab92
This commit is contained in:
parent
d51dc22535
commit
b8aeacb54d
|
@ -117,6 +117,13 @@ chmod a+x $rclocal
|
|||
|
||||
echo 'include: /etc/unbound/forwarding.conf' >> /etc/unbound/unbound.conf
|
||||
|
||||
# Disable dlv. Per the unbound.conf manpage this should not be used
|
||||
# anymore but is in use by some of our distros. The problem here is it
|
||||
# does lookasides for DNSSEC which increases the number of queries and
|
||||
# introduces more points of lookup failure. Disable it to avoid these
|
||||
# problems.
|
||||
sed -i -e 's/dlv-anchor-file:/#dlv-anchor-file:/g' /etc/unbound/unbound.conf
|
||||
|
||||
# This defaults file must be in place to work around this bug:
|
||||
# https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/988513
|
||||
# The issue is fixed for Xenial so this is only required for Trusty.
|
||||
|
|
Loading…
Reference in New Issue