changeset 351:78a9c5946154

Handle DNS64 locally to fix DNSSEC issues Unbound passes a "DO" (DNSSEC Okay) flag to upstream servers, which means they don't synthesise DNS64 entries correctly for some domains. Doing this loses us redundancy (if :82: goes down we're DNS-less until a manual change) but at least we can resolve more DNS now
author IBBoard <dev@ibboard.co.uk>
date Fri, 02 Oct 2020 20:16:04 +0100
parents 85d2c0079af9
children 03a9bab1a56a
files common/unbound.conf-ibbvps
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/common/unbound.conf-ibbvps	Sun Sep 27 12:59:34 2020 +0100
+++ b/common/unbound.conf-ibbvps	Fri Oct 02 20:16:04 2020 +0100
@@ -5,6 +5,8 @@
 	access-control: 127.0.0.0/24 allow
 	access-control: ::1 allow
         verbosity: 1
+        module-config: "dns64 validator iterator"
+        dns64-prefix: 2a00:1098:0:82:1000:3a::/96
 
 forward-zone:
         name: "."