[Dnssec-trigger] bugs.debian.org validation failure
Chuck Anderson
cra at WPI.EDU
Thu Sep 18 19:35:30 UTC 2014
On Thu, Sep 18, 2014 at 01:32:20PM -0400, Paul Wouters wrote:
> On Thu, 18 Sep 2014, Chuck Anderson wrote:
>
> >Why is unbound showing a validation failure when dnsviz.net shows everything is good?
>
> dnsviz.net is not using the resolvers/forwarders you are using?
>
> >Sep 18 12:07:34 system unbound: [2399:1] info: validation failure bugs.debian.org. AAAA IN
>
> ># unbound-control list_forwards
> >. IN forward: 130.215.32.18 130.215.39.18 130.215.5.18
>
> Try not using those forwards? eg:
I'm fairly certain the forwarders aren't the problem since I run those
as well. They are standard BIND 9 installs running full recursion
with no firewall on the DNS traffic, but they don't have DNSSEC
validation turned on yet.
> unbound-control reload
> unbound-control forward_add . 8.8.8.8
>
> Then try again? If that works, go back to the original forwarders and
> see if the problem returns. If so, possibly crank up the verbosity: in
> unbound.conf so you get more information about why it failed validation.
Too late to check--it is working now with the same forwards. So this
was a transient issue.
# host bugs.debian.org
bugs.debian.org has address 140.211.166.26
bugs.debian.org has address 206.12.19.140
bugs.debian.org has IPv6 address 2607:f8f0:610:4000:6564:a62:ce0c:138c
bugs.debian.org mail is handled by 10 buxtehude.debian.org.
I have very few issues with unbound/DNSSEC, so I'm not sure what to do
for troubleshooting when a problem does happen. What verbosity level
do you suggest? I'll have to leave it cranked up so I'll have the
data if/when this happens again.
More information about the dnssec-trigger
mailing list