Maintained by: NLnet Labs

[Unbound-users] DNSSEC problems

David Benfell
Mon Jun 11 22:46:12 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/11/12 13:30, Leen Besselink wrote:
> dig +dnssec test.dnssec-or-not.net TXT

atlanta# rc.d restart unbound
:: Stopping unbound daemon

                                                  [DONE]
:: Starting unbound daemon

                                                  [DONE]
atlanta# dig +dnssec test.dnssec-or-not.net TXT

; <<>> DiG 9.9.1-P1 <<>> +dnssec test.dnssec-or-not.net TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53853
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;test.dnssec-or-not.net.		IN	TXT

;; Query time: 2017 msec
;; SERVER: 10.8.0.1#53(10.8.0.1)
;; WHEN: Mon Jun 11 13:38:34 2012
;; MSG SIZE  rcvd: 51

The log says:

Jun 11 13:38:34 atlanta unbound: [11057:0] info: validation failure
<test.dnssec-or-not.net. TXT IN>: no DNSSEC records from 72.13.58.79
for DS 33c708d2d35e41e0.dnssec-or-not.net. while building chain of trust

And,

atlanta# dig -x 72.13.58.79

; <<>> DiG 9.9.1-P1 <<>> -x 72.13.58.79
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4862
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;79.58.13.72.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
79.58.13.72.in-addr.arpa. 86400	IN	PTR	dnssec-or-not-ns4.verisignlabs.com.

;; AUTHORITY SECTION:
58.13.72.in-addr.arpa.	86400	IN	NS	ns3.verisign-grs.net.
58.13.72.in-addr.arpa.	86400	IN	NS	ns2.verisign-grs.net.
58.13.72.in-addr.arpa.	86400	IN	NS	ns1.verisign-grs.net.
58.13.72.in-addr.arpa.	86400	IN	NS	ns4.verisign-grs.net.

;; Query time: 727 msec
;; SERVER: 10.8.0.1#53(10.8.0.1)
;; WHEN: Mon Jun 11 13:40:43 2012
;; MSG SIZE  rcvd: 189

Just not sure what to make of that.

As for the other, I tried clearing the browsing history and the cache
but the result is the same.

- -- 
David Benfell
benfell at parts-unknown.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP1lkUAAoJELT202JKF+xpxbwP/1koRIwEvDM7aMHJEgGu0kbN
pME9OnCsBR8J7FKDncvr5JvHXvZ9Ar7Whenn09QHmwwHA2XYvqosGlbgYcMOBpgy
15RDSd6HUGX2WxDhDLtFGsU1t02c4nsJHlsu+skNTlEo7edb7LDBfzQVddpomN39
oZsxjMM4zrkGu3MqBKDwSYOSIJ3/SaXnzRGPNFMfHyhCeCBTbdOWbfcZKBVFRp4+
PldT7VEJAlu0u4Dmz8r9VIsQS3QqjQJpJI5dywRPqypwTXUqiLvfdT9ZVG4P5bSS
t+psb92DrxEsT9z8o5bK1bd4s17ryDvekqSI6i8T+KDHbqalNXrrQgLvXuedYAah
CU3imh6lOSCCe0oJSvTfw5MjNUbxP/ulZk+EYvAVXz9EOzBxxXCZGsaarD8mfrWZ
ZvFIby/LNPG4uQu5pKpuYy+rpA91l5wPZx97vH88N/LrZj/bHgEky6o2BlmSy96e
Rk6rO4GJyCzIB5MkZG0I1/465N1zERd+L9BAwwnENI/zBDnrBWxebNdVxm6O9m1U
lbRHZ6WdSvZlQ3PitWT8Eo1By1bpBLVkHPe72T5t2YN2YbPESqM+m14JIHFx/1H1
7X2EkTvLKiyLyY9MzRnUfbNl38wts/oyVmp5VkUdBHReXf6+4Un/hy6YE5xxBvn+
CbFZKo44lNIzWGTf56wo
=yNp+
-----END PGP SIGNATURE-----