Text only | Text with Images

OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: chemlud on August 17, 2020, 10:20:46 AM

Title: Qname minimisation not working in unbound?
Post by: chemlud on August 17, 2020, 10:20:46 AM
Hi!

I use DNS-over-TLS for some time now and in the past the test at

https://cmdns.dev.dns-oarc.net/

showed class A DNS, including qname minimisation with the following unbound "Custom options":

Code Select
server: tls-cert-bundle: "/etc/ssl/cert.pem"
do-tcp: yes
do-ip6: no
qname-minimisation: yes
qname-minimisation-strict: yes
harden-below-nxdomain: yes

forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr:a.b.c.d@853
forward-addr: f.g.h.j@853
forward-addr: c.v.b.n@853
forward-addr: r.t.z.u@853
forward-addr: d.f.g.h@853

But as I checked today again on 20.7.1 amd64 I have DNS class A

BUT NO qname minisation.

Code Select
7uapa3m09t75j76n875d4e4lhg QNAME Minimisation FAILURE

Any ideas why?
Title: Re: Qname minimisation not working in unbound?
Post by: chemlud on August 17, 2020, 03:10:42 PM
...3 further tests found no qname minisation, then, some minutes ago

I HAD qname minimisation, but right now again:

Code Select
9e5nntkvod6tv9k0e9fpuifo6c QNAME Minimisation DNS Features Failure

on-off? DNS is a mess...
Text only | Text with Images