My setup right now is Unbound handling DNS.
I forward "example.com" to Dnsmasq with the setting (Forward First) and disallow Dnsmasq from using other nameservers.
This allows me to look up serv01.example.com, which Dnsmasq answers with 192.168.1.10,
and to look up serv02.example.com, which Dnsmasq does not know, so Unbound then asks out on the internet and gets 80.80.80.80.
Everything works - nearly.
Now if I ask for SSHFP records that Dnsmasq does not know about, I get the records from Cloudflare via Unbound, but Unbound does not set the flag
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
which makes ssh fail when using SSHFP.
If I disable the forward to Dnsmasq, everything with SSHFP works because now Unbound sets
.... .... ..1. .... = Answer authenticated: Answer/authority portion was authenticated by the server
but I can no longer look up local IPs.
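The flag in question is the AD (authenticated data) bit of the DNS response header: OpenSSH with VerifyHostKeyDNS only trusts an SSHFP record when the resolver returns the answer with AD set, otherwise it falls back to prompting for the host key. The script below is an added example, not part of the original post, for checking from the command line whether a given resolver sets AD on an SSHFP answer, so the forwarded and non-forwarded setups can be compared directly. It assumes dig is installed; the resolver address 127.0.0.1 is a placeholder, and serv02.example.com is the hostname from the post.

```shell
# Added example: report whether a resolver returns the AD bit for an SSHFP query.
# Assumes dig is available; resolver address and hostname are placeholders.

# Return 0 if the dig output read from stdin carries the "ad" flag.
# The relevant header line looks like ";; flags: qr rd ra ad; QUERY: 1, ..."
ad_flag_set() {
    grep -E '^;; flags:' | sed 's/;.*flags://; s/;.*//' | tr ' ' '\n' | grep -qx 'ad'
}

# Query a resolver for SSHFP records and say whether the answer was validated.
check_sshfp_ad() {
    resolver="$1"
    host="$2"
    out=$(dig +dnssec +noall +comments SSHFP "$host" "@$resolver")
    if printf '%s\n' "$out" | ad_flag_set; then
        echo "$host via $resolver: AD set (DNSSEC validated; ssh will trust SSHFP)"
        return 0
    else
        echo "$host via $resolver: AD not set (ssh will not trust SSHFP)"
        return 1
    fi
}

# Constructed dig header output, used to exercise ad_flag_set offline.
SAMPLE_AD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NOAD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'

# Usage against a live resolver (placeholder address):
#   check_sshfp_ad 127.0.0.1 serv02.example.com
```

Run the check once against Unbound with the forward-zone enabled and once with it disabled; the two outputs show directly which configuration loses the AD bit on the SSHFP answer.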