Quoting Joachim Fahrner (j...@fahrner.name):
> Am 2017-07-05 09:43, schrieb Joachim Fahrner:
>
> >Jul 5 09:37:46 server unbound: [22751:0] info: NSEC3s for the
> >referral proved no DS.
>
> Could it be that my problem has to do with DNSSEC?
Obviously, you could test this hypothesis by disabling DNSSEC support
for testing purposes. I tend to think 'no', however.
I hesitate to suggest this, because the resemblance to flailing around
changing things without a credible theory is uncomfortably close, _but_,
it's possible you might need to tweak timeout settings in unbound.conf.
E.g.:
edns-buffer-size: <number>
Number of bytes size to advertise as the EDNS reassembly buffer
size. This is the value put into datagrams over UDP towards
peers. The actual buffer size is determined by msg-buffer-size
(both for TCP and UDP). Do not set higher than that value.
Default is 4096 which is RFC recommended. If you have fragmen-
tation reassembly problems, usually seen as timeouts, then a
value of 1480 can fix it.
https://www.unbound.net/documentation/unbound.conf.html
You'll want to look broadly at option documentation, and look at this
page carefully.
https://www.unbound.net/documentation/info_timeout.html
Part of what makes me uneasy is: Why just on one domain, and (AFAIK)
just on your Unbound instance?
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
