Maintained by: NLnet Labs

message is bogus, non secure rrset with Unbound as local caching resolver

Paul Wouters
Wed Mar 2 16:47:13 CET 2016


On Wed, 2 Mar 2016, Olav Morken via Unbound-users wrote:

> Unfortunately, the BIND server only tends to return responses where the
> authority-section has NS-records but no RRSIG-record during the night.
> I suspect it has something to do with traffic levels and what other
> systems are accessing it. It makes it all a bit hard to troubleshoot.
> The main source of information for troubleshooting has been a
> combination of PCAP-files and log files.

Are you sure this is not the bind wildcard bug? Can you try to resolve
something like pwouters.fedorahosted.org. That's an expanded wildcard.

If so, this is the same bug as:

https://bugzilla.redhat.com/show_bug.cgi?id=824219

We have a test for this, but I don't this dnssec-trigger has included
this test yet.

Paul