Maintained by: NLnet Labs

[Unbound-users] Hunting down validation failure

Jan Komissar (jkomissa)
Tue Feb 12 14:57:45 CET 2013


Hi Leo,

The address of ip-lookup.resrepublic.nl. is 192.168.30.150, which is a private address. Did you set the 'private-address' configuration setting to disallow private addresses?

HTH,

Jan.


> -----Original Message-----
> From: unbound-users-bounces at unbound.net [mailto:unbound-users-
> bounces at unbound.net] On Behalf Of Leo Baltus
> Sent: Tuesday, February 12, 2013 5:06 AM
> To: unbound-users at unbound.net
> Subject: [Unbound-users] Hunting down validation failure
> 
> Hi,
> 
> We are running unbound-1.4.19 (ldns-1.6.16) now for 2 weeks and we
> received out first complaint about a domain which we cannot explain:
> 
> 
> Feb 12 09:32:48 idgit13 unbound: [19974:3] info: validation failure
> <ip-lookup.resrepublic.nl. A IN>: no signatures from
> 2001:14a0:100:6::53 Feb 12 09:33:36 idgit14 unbound: [30373:2] info:
> validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from
> 2a01:7c8:a::53 Feb 12 09:37:08 idgit13 unbound: [19974:2] info:
> validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from
> 80.69.67.67 Feb 12 09:45:57 idgit13 unbound: [19974:1] info: validation
> failure <ip-lookup.resrepublic.nl. A IN>: no signatures from
> 217.115.203.194 Feb 12 09:46:28 idgit14 unbound: [30373:1] info:
> validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from
> 80.69.69.69 Feb 12 10:16:28 idgit13 unbound: [19974:3] info: validation
> failure <ip-lookup.resrepublic.nl. A IN>: no signatures from
> 2a01:7c8:b::53
> 
> Hower using drill (ldns-1.6.16):
> $ drill -DT -k root.key ip-lookup.resrepublic.nl
> 
> ;; No DNSKEY record found for ip-lookup.resrepublic.nl.
> [T] ip-lookup.resrepublic.nl.	3600	IN	A	192.168.30.150
> 
> Because of firewall-restrictions and the unability to bind() drill to
> an interface I am unable to run drill from the same machine as unbound
> is running, it is also compiled on a slightly different version of
> fedora.
> 
> Could somebody please explain what is going on?
> 
> --
> Leo Baltus, internetbeheerder                         /\
> NPO ICT Internet Services                            /NPO/\
> Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \  /\/
> servicedesk at omroep.nl, 035-6773555                    \/
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users