I have a system with some kind of default installation, using
/etc/resolv.conf points to 127.0.0.1, and there is some config in /var/unbound, which contains the nameservers. If I put these nameservers into /etc/resolv.conf, things work correctly.
Otherwise I occasionally see this:
and
It happens randomly, about every third system boot. Restarting the unbound does not help, and it seems to be logging to nowhere.
Then, starting it in foreground with
What is going wrong here? Except that the CMOS lithium-cell is empty - or might that be the reason? Are these DNS security stuff bound to a validity timeframe?
local_unbound
./etc/resolv.conf points to 127.0.0.1, and there is some config in /var/unbound, which contains the nameservers. If I put these nameservers into /etc/resolv.conf, things work correctly.
Otherwise I occasionally see this:
Code:
kernel: Starting local_unbound.
kernel: Waiting for nameserver to start...
kernel: good
kernel: Wed Feb 1 01:00:55 CET 2017
kernel: Feb 1 01:00:55 ntpd[660]: error resolving pool 0.freebsd.pool.ntp.org: hostname nor servname provided, or not known (8)
and
Code:
# host google.com
Host google.com not found: 2(SERVFAIL)
It happens randomly, about every third system boot. Restarting the unbound does not help, and it seems to be logging to nowhere.
Then, starting it in foreground with
-d -d
gives these:
Code:
[1485911460] local-unbound[1887:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
[1485911460] local-unbound[1887:0] info: generate keytag query _ta-4f66. NULL IN
What is going wrong here? Except that the CMOS lithium-cell is empty - or might that be the reason? Are these DNS security stuff bound to a validity timeframe?