Maintained by: NLnet Labs

[Unbound-users] DNSSEC problems

W.C.A. Wijngaards
Mon Jun 11 09:17:11 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi David,

You can pass -v or even -vvvv to unbound-anchor, more verbosity.

You forward to 127.0.0.1 and get your DNS info there.  The server
that runs in 127.0.0.1 (is not this unbound) does not seem to
support DNSSEC, it returns no signatures?  Do you need to enable
dnssec on that server?

On 06/11/2012 01:04 AM, David Benfell wrote:
> Hi Leen,
> 
> On 06/10/12 14:07, Leen Besselink wrote:
>> dig +norec +dnssec @193.0.14.129 . NS
> 
> It's not a Mac. It's a Linode running Arch Linux. Here is what I
> get from the above:
> 
> atlanta% dig +norec +dnssec @193.0.14.129 . NS

- From this output I think that if you remove that 'forward' clause
from your config, unbound should work.

Best regards,
   Wouter

> 
> ; <<>> DiG 9.9.1-P1 <<>> +norec +dnssec @193.0.14.129 . NS ; (1
> server found) ;; global options: +cmd ;; Got answer: ;;
> ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40667 ;; flags: qr
> aa; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 23
> 
> ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;;
> QUESTION SECTION: ;.				IN	NS
> 
> ;; ANSWER SECTION: .			518400	IN	NS	a.root-servers.net. .			518400
> IN	NS	b.root-servers.net. .			518400	IN	NS	c.root-servers.net. .
> 518400	IN	NS	d.root-servers.net. .			518400	IN	NS
> e.root-servers.net. .			518400	IN	NS	f.root-servers.net. .			518400
> IN	NS	g.root-servers.net. .			518400	IN	NS	h.root-servers.net. .
> 518400	IN	NS	i.root-servers.net. .			518400	IN	NS
> j.root-servers.net. .			518400	IN	NS	k.root-servers.net. .			518400
> IN	NS	l.root-servers.net. .			518400	IN	NS	m.root-servers.net. .
> 518400	IN	RRSIG	NS 8 0 518400 20120617000000 20120609230000 56158 .
> MlnKSG0qYXx8HZezESRIyOjnK9vInEVT5MLeEcw46Bvw1O4VPc/rpgVY 
> 2kvi7+V51paxamrwZv7lrxlVpAopHyRayslBCjeZOoAMW0w7F8bQaJPF 
> NC99eiiaDpdR6mW4lkKnWeIkNwVmTVgH93INKZhYA+QLzSXwYfi1bvYR 83o=
> 
> ;; ADDITIONAL SECTION: a.root-servers.net.	518400	IN	A	198.41.0.4 
> b.root-servers.net.	518400	IN	A	192.228.79.201 c.root-servers.net.
> 518400	IN	A	192.33.4.12 d.root-servers.net.	518400	IN	A
> 128.8.10.90 e.root-servers.net.	518400	IN	A	192.203.230.10 
> f.root-servers.net.	518400	IN	A	192.5.5.241 g.root-servers.net.
> 518400	IN	A	192.112.36.4 h.root-servers.net.	518400	IN	A
> 128.63.2.53 i.root-servers.net.	518400	IN	A	192.36.148.17 
> j.root-servers.net.	518400	IN	A	192.58.128.30 k.root-servers.net.
> 518400	IN	A	193.0.14.129 l.root-servers.net.	518400	IN	A
> 199.7.83.42 m.root-servers.net.	518400	IN	A	202.12.27.33 
> a.root-servers.net.	518400	IN	AAAA	2001:503:ba3e::2:30 
> d.root-servers.net.	518400	IN	AAAA	2001:500:2d::d 
> f.root-servers.net.	518400	IN	AAAA	2001:500:2f::f 
> h.root-servers.net.	518400	IN	AAAA	2001:500:1::803f:235 
> i.root-servers.net.	518400	IN	AAAA	2001:7fe::53 j.root-servers.net.
> 518400	IN	AAAA	2001:503:c27::2:30 k.root-servers.net.	518400	IN
> AAAA	2001:7fd::1 l.root-servers.net.	518400	IN	AAAA	2001:500:3::42 
> m.root-servers.net.	518400	IN	AAAA	2001:dc3::35
> 
> ;; Query time: 135 msec ;; SERVER: 193.0.14.129#53(193.0.14.129) ;;
> WHEN: Sun Jun 10 16:02:38 2012 ;; MSG SIZE  rcvd: 857
> 
> atlanta%
> 
> Thanks!
> 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP1Zt3AAoJEJ9vHC1+BF+NRAgP/2jv5qMpj8yvbUWPub2rnuTv
knx98+k1KIruwAdkt/B+RZgJ+OIipfB0xjKARgCk/s4z6cQtyZtG1iFoPWySS5sU
RDFSRBAYkf48/qvIH1aXEp+29pn7eDOISj1KTYieii4irouyKXLJgNUE60cFWTKU
5iAu/ZmFGU1ovnE4Jv2/fQgWuyGP7XefQi7T8T8TG64EpqeQPQPTcoa1AqXWOXkz
6ggklIZ+Qtsgwf9cJF9xw++SH+RPq3b+C806auaUGS/d7ChVZImu/KTroi2kuTGU
YYW7+mHSRrBe0WbOJPyfexP8D1qniXpCB2K0bokkUDg4KLHIwHbiZmdAEeh2Z/r2
KMNCjCgxudPhqdWXESfV+jCCYGEvj2SiplgiWfoctNyvVwNNJqn9H6SoJEJMmh8k
A8ZAh7ZGEDuJYutKir8RoxMBTyKz8zX4VKm5rClLghYsnyA0o7GcD85HnyBKe5Og
MrCEwix2kLBU4Se9wIfSspDF226xmqxZefVj5sWOa8SnmP7+lxAzWya/krvKV+kq
VKcvnv0DdTdNVMToSV4EL2ERPi/EO5eWaJk2GH2iPUY1E3DtUPAr4RxPohiHXDqQ
97W9aX6BH3us5TSIYpgaldqUI8k/NeybQpVjRBDYjsZIxZvdRXuScQJyIkrf9EFn
V/K+qhk61Yo1u+jC1cau
=37gT
-----END PGP SIGNATURE-----