Maintained by: NLnet Labs

message is bogus, non secure rrset with Unbound as local caching resolver

Olav Morken
Thu Mar 3 09:00:49 CET 2016


On Wed, Mar 02, 2016 at 16:42:01 +0100, Olav Morken wrote:
> On Wed, Mar 02, 2016 at 08:45:11 -0500, Casey Deccio wrote:
> > On Wed, Mar 2, 2016 at 6:39 AM, Olav Morken via Unbound-users <
> > unbound-users at unbound.net> wrote:
> > 
> > > sorry for the rather longwinded email. In the interest of saving some
> > > time, here is a short summary:
> > >
> > >
> > Hi Olav,
> > 
> > Would mind trying the DNSViz command-line tool [1] against the resolvers to
> > see if anything shows up?  After install, run:
> > 
> > dnsviz probe -s x.x.x.x pingapi.paas.uninett.no | dnsviz grok -plwarning
> > dnsviz probe -s x.x.x.x pingapi.paas.uninett.no | dnsviz graph -Thtml -O
> > 
> > (substitute x.x.x.x for the BIND and unbound resolvers, in turn)
> > 
> > I'm curious if anything shows up there.
[...]
> I have grabbed a capture from the Unbound resolver that I have attached 
> to this email. If I ever happen to catch the BIND resolver having this 
> behavior, I'll try to catch the output from it as well, but I won't 
> make any promises.

I managed to check yesterday evening, and the output between the two 
upstream resolvers is identical.

Best regards,
Olav Morken
UNINETT