# Bind 9.10.3 Forwarding to Unblock-Us



## denrad (Sep 24, 2015)

Recently there was an update to ports to BIND 9.10.3 from the previous version BIND 9.10.2-P4

I run BIND on two FreeBSD 10.2 systems.
BIND is authoritative for two Internet DNSSEC domains and is also the resolver for my LAN.

Since updating to 9.10.3,and with no changes to the system or BIND configuration, BIND on one server causes numerous Internet name resolution failures.

Disabling DNSSEC validation by changing in named.conf

```
dnssec-validation auto;
```
to

```
dnssec-validation no;
```
allows resolving to succeed.

BIND on the second server appears to be unaffected and resolves Internet domains fine after the update with dnssec-validation auto;. The BIND configurations between the two servers are virtually identical as are the file permissions.

Downgrading back to BIND 9.10.2-P4 allows resolving with dnssec-validation auto; to work perfectly as it did prior to the update.

I am not sure how to troubleshoot this issue.  Can anyone offer any suggestions?


----------



## denrad (Sep 25, 2015)

I have determined that the issue is with forwarding to Unblock-Us
Seems the update to BIND 9.10.3 introduced some kind of incompatibility with their service when dnssec-validation is enabled.
Configuring root hints or forwarding to Google public DNS servers works perfectly with dnssec-validation.
Therefore this thread can now be considered an FYI


----------

