[Unbound-users] unbound servfail
wouter at NLnetLabs.nl
Tue Sep 30 07:42:23 UTC 2008
So, you can resolve, but no DNSSEC.
>  libunbound[27451:0] info: validate keys with
> anchor(DNSKEY): sec_status_bogus
>  libunbound[27451:0] info: failed to prime trust anchor --
> could not fetch secure DNSKEY rrset <com. DNSKEY IN>
>  libunbound[27451:0] info: Could not establish validation
> of INSECURE status of unsigned response.
> com has address 192.168.1.2 (BOGUS (security failure))
So your server does not serve a signed zone. If you

    dig @192.168.1.2 com. DNSKEY +dnssec

it should return DNSKEY and RRSIG records. The logs above tell me that
RRSIGs are missing. Perhaps also the DNSKEY RRset is missing.
If you use NSD - did you put the zone file 'com.signed' in the config?
(not just "com").
If you use BIND - did you enable the dnssec options and load a signed zone?
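
The check suggested in the reply above can be scripted. This is an added example, not part of the original message or of Unbound: the function name `check_dnskey_answer` and the sample answers are constructed here, and the function sorts `dig +dnssec` output into the cases the reply distinguishes (signed, RRSIGs missing, DNSKEY RRset missing).

```shell
#!/bin/sh
# Added example. Real use (server address taken from the message above):
#   dig @192.168.1.2 com. DNSKEY +dnssec | check_dnskey_answer

# Reads dig output on stdin and prints one of:
#   signed          DNSKEY records plus an RRSIG covering DNSKEY
#   missing-rrsig   DNSKEY records, but no RRSIG covering them
#   missing-dnskey  no DNSKEY records in the answer section
check_dnskey_answer() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; / || /^$/        { in_answer = 0 }
        in_answer && $4 == "DNSKEY"                  { keys++ }
        in_answer && $4 == "RRSIG" && $5 == "DNSKEY" { sigs++ }
        END {
            if (!keys)      print "missing-dnskey"
            else if (!sigs) print "missing-rrsig"
            else            print "signed"
        }
    '
}

# Constructed sample answers (key and signature data are placeholders).
sample_signed() {
    cat <<'EOF'
;; ANSWER SECTION:
com.  3600  IN  DNSKEY  257 3 5 Y29uc3RydWN0ZWQ=
com.  3600  IN  RRSIG   DNSKEY 5 1 3600 20081030000000 20080930000000 12345 com. Y29uc3RydWN0ZWQ=

;; Query time: 1 msec
EOF
}
sample_no_rrsig() {
    cat <<'EOF'
;; ANSWER SECTION:
com.  3600  IN  DNSKEY  257 3 5 Y29uc3RydWN0ZWQ=
EOF
}
sample_no_dnskey() {
    cat <<'EOF'
;; AUTHORITY SECTION:
com.  3600  IN  SOA  ns.com. hostmaster.com. 1 3600 900 604800 3600
EOF
}

for s in sample_signed sample_no_rrsig sample_no_dnskey; do
    printf '%s: %s\n' "$s" "$("$s" | check_dnskey_answer)"
done
```

Only the answer section is inspected, and an RRSIG counts only when its type-covered field is DNSKEY, so signatures over other record types do not mask a missing one.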