Maintained by: NLnet Labs

[Unbound-users] Validation failure a.root-servers.net !?

W.C.A. Wijngaards
Mon Mar 19 16:56:08 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Augie,

On 03/18/2012 04:52 AM, Augie Schwer wrote:
> We started seeing these today from 1425 PST to 1532 PST :
> 
> Mar 17 14:45:27 a unbound: [7326:0] info: validation failure 
> <a.root-servers.net. A IN>: no DNSSEC records from 128.8.10.90 for
> DS root-servers.net. while building chain of trust
> 

This is a bug in unbound where it can fail to lookup DS records for
grandchild zones depending on cache contents.  Fix in svn trunk, it
looks up the nameservers of the parent domain.

A restart would likely mean you are no longer in this state; or dig
net. SOA would also fixup the cache.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPZ1cXAAoJEJ9vHC1+BF+NkRcP/iSmIUYkb6fpXKy3OYmuS4Ln
Ejr2Jqeud9fCz9grWtYWQWM2j4i/WB7EH6ih8jV0JyeCLn3feOFQiFlK04C4Z2ae
tTHHArT2SiCn4pc4D+FQB366wVML9hibvOET3oxlf0kaLyOgqXd9ArxKqB8IBHZO
gh4lU+hfO/vvL0xWIcBOmKX28342oA9eGE+FSJeTAYdFbZtpCtXa8Ttw8wEvre/L
MKGpXxotJ0GCySKIzGovr4HQVJxPS1euQdcV6lu/MqGKCo9yjjgc8ITsBSpd7dJd
M5K1swquni4kWJtVnOGWWKeZJe67P1Sr/1K9L/jVq6FiPgQLKSz8rac5uteBgoWm
LP7OaflNZ2HrdjXQHU3BUCvmvJGZMWJFxR8Zb7nLaRn6EyuUJZ+wuHcb3L29D6xi
RvdfvKFOsuWwKj3t78Qb5K+EdfwszOSUwdHluKlLgBmFFD575WWnI5ciJ6C7cz3t
qC89KZIKBzhJJFmRtdc9KVtiOLdOTrLrww3TOPUAfAunM/OqagoRKHiUvMLpGBJ5
U8oLDV37K4JSeaEgUIUQfQL/HO0MerCgXlYKEx0mM4z+nUzr3Ck7plzneWyWrKTs
NGKORaTeQloOWqYerjLyZMzmb+ajBWW1jt4npHP3tJJEhMgJ4huHNkS2dsmWMlls
e9tO1o3GBjZs6M7v1a9/
=di6R
-----END PGP SIGNATURE-----