[Unbound-users] DNSSEC validation failure of .nl TLD

Sander Smeenk
Mon Oct 29 13:49:07 CET 2012

Quoting Leen Besselink (leen at

> > >>> verify rrset < DS IN>
> > >>> DS rrset in DS response did not verify
> > >>> validator operate: query < A IN>
> > >>> Could not establish a chain of trust to keys for < DNSKEY IN>

> > Just to let you know we are aware of this and investigating it.
> > Nothing to report further yet, though...

> As I mentioned before this was with an old version of Unbound, the bug
> is probably fixed already.  And if you want a log and a cache-dump
> mail me directly, I'll send it to you.

The issues with the .nl validation we saw yesterday evening are not
related to Unbound or Unbound versions. People using different resolver
software also reported problems with the .nl zone.

SIDN is looking into it and will probably release some formal
communication about it in due time. ;-)

