Maintained by: NLnet Labs

[Unbound-users] Hunting down validation failure

Leo Baltus
Tue Feb 12 11:06:17 CET 2013


Hi,

We are running unbound-1.4.19 (ldns-1.6.16) now for 2 weeks and we
received out first complaint about a domain which we cannot explain:


Feb 12 09:32:48 idgit13 unbound: [19974:3] info: validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from 2001:14a0:100:6::53
Feb 12 09:33:36 idgit14 unbound: [30373:2] info: validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from 2a01:7c8:a::53
Feb 12 09:37:08 idgit13 unbound: [19974:2] info: validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from 80.69.67.67
Feb 12 09:45:57 idgit13 unbound: [19974:1] info: validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from 217.115.203.194
Feb 12 09:46:28 idgit14 unbound: [30373:1] info: validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from 80.69.69.69
Feb 12 10:16:28 idgit13 unbound: [19974:3] info: validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from 2a01:7c8:b::53

Hower using drill (ldns-1.6.16):
$ drill -DT -k root.key ip-lookup.resrepublic.nl

;; No DNSKEY record found for ip-lookup.resrepublic.nl.
[T] ip-lookup.resrepublic.nl.	3600	IN	A	192.168.30.150

Because of firewall-restrictions and the unability to bind() drill to an
interface I am unable to run drill from the same machine as unbound is
running, it is also compiled on a slightly different version of fedora.

Could somebody please explain what is going on?

-- 
Leo Baltus, internetbeheerder                         /\
NPO ICT Internet Services                            /NPO/\
Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \  /\/
servicedesk at omroep.nl, 035-6773555                    \/