Maintained by: NLnet Labs

[Unbound-users] DLV anchor and unsigned domains

Alan Jurcic
Fri Mar 28 10:53:52 CET 2014


On 27.03.14 at 16:40, W.C.A. Wijngaards wrote:
> 
> Can you provide detailed logs about what happens when you query
> carnet.hr and get SERVFAIL?  Like, with verbosity 4, val-log-level: 2.
> That should also print out a reason for the servfail in the logs.  If
> it works for bind, then the bug must be in unbound.
> 

Wouter,

Complete log for the unsigned domain query can be found here: http://pastebin.com/CBSM4pEz

It looks like unbound behaves differently for the DLV trust anchor. It expects DNSSEC, and when
it receives NXDOMAIN for the DLV query the result is an error and SERVFAIL to the user.

Cheers,

Alan