https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228210
--- Comment #3 from Patrick <doctorwho...@gmail.com> --- I've been busy the past week, so it wasn't until the weekend that I could follow up. I tried Dag-Erling's troubleshooting steps. Traceroute and drill definitely showed some problems. So I did a bunch of Googling, reading, and tinkering with my router and with config file settings. In the end, it turns out that the problem was that OpenDNS, the nameservers I had been using, do not support DNSSEC. Honestly I didn't realize that unbound was enabling DNSSEC by default. I had been using it only for the DNS caching. But once I changed the DNS nameservers being served by DHCP in my router to a nameserver that supports DNSSEC (Quad9), everything started working fine. So I feel a bit sheepish about opening this bug. But judging by the number of forum posts and some mailing list questions I found from other people who experienced this same problem, and the fact that the only solutions anyone offered was to disable DNSSEC (even if they didn't know that's what they were doing), it may be that this should be better documented somewhere. Unbound is advertised simply as a caching nameserver, so, like me, I suspect a lot of people are enabling it for that purpose, unaware of its DNSSEC features, and then they have no idea why DNS resolution isn't working. In any case, thank you for your help. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
