Maintained by: NLnet Labs

[Unbound-users] TTL 0: dropped msg from cache

Miguel Clara
Thu Mar 13 19:44:29 CET 2014


Yeah, FreeBSD 10 removed dig from base, but I guess I can install the tools!

The time on the router is set to GMT and shows one hour after my local
machine.
My local time now is: Thu Mar 13 18:40:23 WET 2014


I tried "domain-insecure: "local""

And this seems to make it work

% drill +dnssec @127.0.0.1 yoda.geek.local. A
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 31171
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; yoda.geek.local.     IN      A

;; ANSWER SECTION:
yoda.geek.local.        39      IN      A       10.10.50.50

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Mar 13 18:43:54 2014
;; MSG SIZE  rcvd: 49


% drill -D @127.0.0.1 yoda.geek.local. A

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 49043
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; yoda.geek.local.     IN      A

;; ANSWER SECTION:
yoda.geek.local.        36      IN      A       10.10.50.50

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; EDNS: version 0; flags: do ; udp: 4096
;; SERVER: 127.0.0.1
;; WHEN: Thu Mar 13 18:43:57 2014
;; MSG SIZE  rcvd: 60


So that is indeed odd. If I do this:
% drill @127.0.0.1 yoda.geek.local. A
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 52645
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; yoda.geek.local.     IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 374 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Mar 13 18:40:58 2014



So it's failing DNSSEC validation but the log doesn't show it?