Maintained by: NLnet Labs

Validation failure for www.iana.org?

A. Schulze
Mon Oct 30 13:58:40 CET 2017


Robert Edmonds via Unbound-users:

>     validation failure <www.iana.org. A IN>: no keys have a DS with  
> algorithm RSASHA1-NSEC3-SHA1 from 2001:500:8f::53 for key icann.org.  
> while building chain of trust


Robert,

did you compile unbound with "--disable-sha1"?
see https://unbound.net/pipermail/unbound-users/2017-April/004747.html

anyway, www.iana.org works fine here:

$ dig www.iana.org

; <<>> DiG 9.10.3-P4-Debian <<>> www.iana.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33171
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iana.org.                  IN      A

;; ANSWER SECTION:
www.iana.org.           2725    IN      CNAME   ianawww.vip.icann.org.
ianawww.vip.icann.org.  30      IN      A       192.0.32.8

;; Query time: 260 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 30 13:57:34 CET 2017
;; MSG SIZE  rcvd: 89