[Unbound-users] Unbound stop working without error-log
lst_hoe02 at kwsoft.de
Wed Nov 3 08:07:29 UTC 2010
Quoting "W.C.A. Wijngaards" <wouter at NLnetLabs.nl>:
> Update for the disaster-tourists on the list - unbound logs with
> val-log-level: 2 that the upstream bind sends expired signatures -
> sleuthing continues ...

It seems more that unbound and bind disagree in their opinion on whether the
signature is expired or not. As said, at the time unbound starts failing,
the same queries done directly to the upstream resolve *and* validate
fine. So the options are:

- Bind does not send the same data it is using for validation to the
  downstream (unbound) client. Would be a Bind bug I guess.
- Unbound and Bind do validation differently (should not happen IMHO)
- Validation in Unbound for some cases is broken. Would be a bug in
  Unbound I guess.

It would be nice to get help on how to debug this, as DNSSEC "by-hand" is
somewhat challenging.

Regards
Andreas
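
An added example, not part of the original post and not code from Unbound or BIND: one way to check the first option by hand is to save the RRSIG lines of two answers in the presentation format that `dig +dnssec` prints and compare their validity windows against a given clock time. The function names, the sample records and the clock value are constructed for illustration.

```python
from datetime import datetime, timezone

def _ts(s):
    # RRSIG times in presentation format are YYYYMMDDHHmmSS, always UTC.
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(line):
    """Parse one RRSIG line: owner ttl class RRSIG covered alg labels
    orig-ttl expiration inception keytag signer signature..."""
    f = line.split()
    if len(f) < 13 or f[3] != "RRSIG":
        raise ValueError("not an RRSIG line: %r" % line)
    return {"owner": f[0].lower(), "ttl": int(f[1]), "covered": f[4],
            "expiration": _ts(f[8]), "inception": _ts(f[9]),
            "keytag": int(f[10]), "signer": f[11].lower()}

def status(sig, now):
    # A signature is usable only between inception and expiration.
    if now < sig["inception"]:
        return "not-yet-valid"
    if now > sig["expiration"]:
        return "expired"
    return "valid"

def compare(direct_lines, other_lines, now):
    """Pair up signatures over the same RRset made by the same key and
    report whether both answers carry the same signature and its state."""
    key = lambda s: (s["owner"], s["covered"], s["keytag"])
    a = {key(s): s for s in map(parse_rrsig, direct_lines)}
    b = {key(s): s for s in map(parse_rrsig, other_lines)}
    rows = []
    for k in sorted(set(a) | set(b)):
        x, y = a.get(k), b.get(k)
        same = bool(x and y and x["expiration"] == y["expiration"]
                    and x["inception"] == y["inception"])
        rows.append({"rrset": k, "same_signature": same,
                     "direct": status(x, now) if x else "missing",
                     "other": status(y, now) if y else "missing"})
    return rows

# Constructed sample records (not taken from the thread).
DIRECT = ["example.com. 3600 IN RRSIG A 5 2 3600 20101110000000 "
          "20101027000000 12345 example.com. c2lnbmF0dXJl"]
OTHER = ["example.com. 1200 IN RRSIG A 5 2 3600 20101103000000 "
         "20101020000000 12345 example.com. b2xkc2ln"]
NOW = datetime(2010, 11, 3, 8, 7, 29, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    for row in compare(DIRECT, OTHER, NOW):
        print(row)
```

Passing the clock in as `now` lets the same records be evaluated against the time on each host involved.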