[Unbound-users] unbound servfail
Wouter Wijngaards
wouter at NLnetLabs.nl
Tue Sep 30 07:42:23 UTC 2008
Hi Shahab,
So, you can resolve, but no DNSSEC.
> [1222713721] libunbound[27451:0] info: validate keys with
> anchor(DNSKEY): sec_status_bogus
> [1222713721] libunbound[27451:0] info: failed to prime trust anchor --
> could not fetch secure DNSKEY rrset <com. DNSKEY IN>
> [1222713721] libunbound[27451:0] info: Could not establish validation
> of INSECURE status of unsigned response.
> com has address 192.168.1.2 (BOGUS (security failure))
So your server does not serve a signed zone. If you

    dig @192.168.1.2 com. DNSKEY +dnssec

It should return DNSKEY and RRSIG records. The logs above tell me that
RRSIGs are missing. Perhaps also the DNSKEY RRset is missing.

If you use NSD - did you put the zone file 'com.signed' in the config?
(not just "com").

If you use BIND - did you enable the dnssec options and load a signed zone?
Best regards,
Wouter
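The check described in the message above, as an added example that is not part of the original post: a shell function that reads the answer section of a DNSKEY query made with +dnssec and reports whether the DNSKEY RRset and an RRSIG covering it are present. The function name, the sample records and the result strings are constructed for illustration.

```shell
#!/bin/sh
# Classify the answer to "dig @SERVER ZONE DNSKEY +dnssec +noall +answer".
# Reads dig's answer lines on stdin; prints one of:
#   signed                - DNSKEY RRset and an RRSIG covering it are present
#   dnskey-without-rrsig  - keys are served but the signatures are missing
#   no-dnskey             - no DNSKEY RRset at all
classify_dnskey_answer() {
    zone=$1
    awk -v zone="$zone" '
        /^;/ || NF < 5 { next }                  # skip dig comments, blank lines
        tolower($1) != tolower(zone) { next }    # only records owned by the zone apex
        $4 == "DNSKEY" { keys++ }
        $4 == "RRSIG" && $5 == "DNSKEY" { sigs++ }   # $5 = type covered
        END {
            if (!keys)      print "no-dnskey"
            else if (!sigs) print "dnskey-without-rrsig"
            else            print "signed"
        }'
}

# Constructed sample answers (key and signature data are placeholders).
sample_signed() {
    cat <<'EOF'
com. 3600 IN DNSKEY 257 3 5 Q09OU1RSVUNURUQ=
com. 3600 IN DNSKEY 256 3 5 Q09OU1RSVUNURUQ=
com. 3600 IN RRSIG DNSKEY 5 1 3600 20081030000000 20080930000000 12345 com. Q09OU1RSVUNURUQ=
EOF
}

sample_keys_only() {   # e.g. an unsigned zone file that still contains DNSKEY records
    cat <<'EOF'
; constructed: DNSKEY present, no RRSIG
com. 3600 IN DNSKEY 257 3 5 Q09OU1RSVUNURUQ=
EOF
}

sample_empty() { :; }  # NODATA: the server has no DNSKEY RRset for the zone

echo "signed zone:   $(sample_signed    | classify_dnskey_answer com.)"
echo "keys, no sigs: $(sample_keys_only | classify_dnskey_answer com.)"
echo "empty answer:  $(sample_empty     | classify_dnskey_answer com.)"

# Against a live server (address taken from the message above):
#   dig @192.168.1.2 com. DNSKEY +dnssec +noall +answer | classify_dnskey_answer com.
```

A "signed" result only shows that the records are being served; whether the signatures verify against the configured trust anchor is still decided by the validator.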