[Unbound-users] issue with unbound 1.4.6rc1 maintainers prerelease ?
Paul Wouters
paul at xelerance.com
Mon Jul 19 16:13:28 UTC 2010
> Unbound 1.4.6rc1 is prereleased:
> http://unbound.net/downloads/unbound-1.4.6rc1.tar.gz
> sha1 c1434f44d5c7dd456cc5d8195d1de23429ac19b9
> sha256 77377a429a2bafda276d921de24601114efa22809b2fa149e258f8f0c35a4d38
>
> Mostly bugfixes, with this release prompted by the RFC for GOST. GOST
> is enabled if the SSL and ldns support it. Otherwise, unbound acts as
> if GOST is not supported (it becomes insecure).
I did a compile test. I have openssl with gost, ldns 1.5.6rc1 with gost,
and unbound with gost compiled and installed.
I had no trust anchors yet:
[root at bofh devel]# grep trust-anchor /etc/unbound/unbound.conf |grep -v "#"
[root at bofh devel]#
I am confused about this query:
[root at bofh devel]# dig +dnssec -t ns gost.cert.ru. @localhost
; <<>> DiG 9.6.2-P2-RedHat-9.6.2-5.P2.fc12 <<>> +dnssec -t ns gost.cert.ru. @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11021
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 9, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;gost.cert.ru. IN NS
;; AUTHORITY SECTION:
cert.ru. 3242 IN SOA ns.cert.ru. postmaster.cert.ru. 1279506600 10800 3600 604800 3600
cert.ru. 3242 IN RRSIG SOA 5 2 3600 20100722023000 20100719013000 39201 cert.ru. BkEGeTqFrqOKR03Zh2ox/73Fvtb7slZUGSYauDRXCfuGrJGBBekPaVZC wz79JHaj5C0F5BOl/P2tM2nRPD4szfy7Dl65Ecnv8wLdKOx9LO0+w97H nXMWT5N1O4GsTypCi81ilGixrVfcOf+Dnz+Hnllr35a8z4dtAYVmlgX6 /iw=
cert.ru. 3242 IN RRSIG SOA 12 2 3600 20100722023000 20100719013000 18367 cert.ru. 7opJj1wkw4+Vub6bImpqx+ijkVv9G3Oh1ynRLjk+hATUoX/7SaxfaWIb 4ocpfOZjX6fXlnzviCphbcSbT0bj7A==
cert.ru. 3242 IN NSEC cobin.cert.ru. A NS SOA MX TXT RRSIG NSEC DNSKEY
cert.ru. 3242 IN RRSIG NSEC 5 2 3600 20100722023000 20100719013000 39201 cert.ru. UIcidDcm89nvSlfjnSa364r/RXkeNoipCKs5Jkik6KPSs1iSBlBkB7QG MkevzOCR4jFm8NQ0ip/Ry3bKcEDxfBWBRJ0Q4PKDmX4M2aIaM9SUW3mo yyqZqzM4apva6+azzGf3WT6pbj0PQcsYaoQI9kX3DxqmgT4rJ8locBGm KEI=
cert.ru. 3242 IN RRSIG NSEC 12 2 3600 20100722023000 20100719013000 18367 cert.ru. bHxEa6OY2S0GS18t7QmvJ8QPQBEZ81QS0NcBWLGgA8TDr3mrX2o18RDI FCwrJ3w9qlV4yhh/tlSwMN0I9winQg==
dlv.cert.ru. 3242 IN NSEC imap.cert.ru. NS DS RRSIG NSEC
dlv.cert.ru. 3242 IN RRSIG NSEC 5 3 3600 20100722023000 20100719013000 39201 cert.ru. cFkL+pVMB8PsV4NOkW/FYuI09yaox1H1yPvNRncwBemhMFWvU9dY80Wd dITEGPzYfMRgRt2pmfBZ2uu2GOHY0BzbtqkgwG4UOyyRqhbqQdS2Opot 9uM/WIIPCRTBNekwEcUY+sGh3+yYhs7cCb83nZ83YIIXFiaC2R7n52NT 1kE=
dlv.cert.ru. 3242 IN RRSIG NSEC 12 3 3600 20100722023000 20100719013000 18367 cert.ru. 2AJGKi8MacFuAo0n7EWwexn7Pc6rCN877+QMs76a8iDq+9VZPPoec8Js zn0TI9ta61ISt0A8UDjndK7cswpleA==
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 19 12:04:54 2010
;; MSG SIZE rcvd: 975
This shows the AD bit, and I am unsure why. There is no DS record, nor a DLV record
for gost.cert.ru. And I did not configure a trust anchor for it yet.
I've attached unbound.log with verbosity:4
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound.log.gz
Type: application/x-gzip
Size: 459628 bytes
Desc:
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20100719/cdc06999/attachment.bin>
More information about the Unbound-users
mailing list