[Dnssec-trigger] Bug reports ?

W.C.A. Wijngaards wouter at NLnetLabs.nl
Fri Oct 21 14:51:04 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Phil,

On 10/21/2011 04:39 PM, Phil Regnauld wrote:
> W.C.A. Wijngaards (wouter) writes:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Phil,
>>
>> On 10/21/2011 04:13 PM, Phil Regnauld wrote:
>>> I have a strange issue I'm trying to debug with dnssec-trigger + unbound 1.4.13
>>> on OS X Lion, and a broken network with TCP/53 only.  Should I use this list
>>> to discuss this issue, or submit the problem somewhere else ?
>>
>> Yes use this list.
>>
>> TCP/53 only, it must try to use the tcp-80 and tcp-443 fallback servers?
>>  Does that work?  (you may be first to actually use it).
> 
> 	Nope, didn't work.  I'm seeing a strange combination of problems which
> 	led med to work around just to get DNS resolution working:
> 
> 	- tcp-upstream: yes in unbound.conf
> 	- disable auto-trust-anchor (and validation)
> 	- turn off dnssec-trigger (that was 0.5, but I've just upgraded to 0.6
> 	  following your announcement)

Ok, unbound's tcp-upstream works then :-)

> 	I'll try again with 0.6 a bit later, and will make sure it's not an
> 	issue with unbound first, then get back to the list.

Alright, thanks for that, remove the tcp-upstreamyes from the conf when
you try again (and add the trustanchoragain), otherwise dnssec-trigger
fails.

You can always try 'Hotspot signon' which puts you in insecure mode: the
servers from DHCP are used, and unbound is bypassed.  Maybe that is
useful during debugging to get DHCP-connectivity again.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOoYbYAAoJEJ9vHC1+BF+Ne2oQAJfHtzjIDZ9ZgGuKk+X5Rops
MYCzKMeRDkk85Rnm7Uh/1tmQpoISOT68U0RwRKMmUarO/3KHw3cYSnBKhGQ8kO8w
AOirgKclWow4VIsWVYxe1fZarRPhQ5is37bzcs/GGmDc71aMc1vTND/aUCmdQgVa
WM68yEIpKHj94m1ob+CAPPWz7DSEMgZaRP5TYsMWsuggLhKpPOG2xrtWi1FA73W2
6U/41C8/bZgdr2JQdPJek/qklipIC5L8tvpRJvmMOgPlSLe38zViy35OXpmmPs3W
IlnWCESRSmoenTDzUXveLcyDkHnhiC9UBxb/2J3TB1a+5rK4KstGWJ8P8j7Gup0s
7bKIre1WUHsgnAqfErygHe6zHF3QXyFwAwG8jQ6Lo7JmgHiAKZWxPnSQ/V4GhXNr
eAyaF6u3t7JXZM00LDYatVI9hTxIpsbu97kKG3+LyyHpfe8W0Oh+jeiVTQHHb/F5
dIS64I7j3xjgm7F+gjaWGN6WbIGDQqRKxj3dZDFGCOi6EKjcXE27ofc0hE12ynLx
8IFJw3dtPKpqVikOvuQgu7/iH94kP2Y4eIIBcAltwHCu5samRh8dCMy1ab4QUfB0
RLHZWmVhgv1fo94k+bP+JqJ+iHDw7uvmyHIkyFYPjhT51MBzMDaOFL/GmVlmMJup
BJvZ852tQUysapevoSuJ
=cLa/
-----END PGP SIGNATURE-----



More information about the dnssec-trigger mailing list