[Unbound-users] DNSSEC validation failure of .nl TLD

Sander Smeenk ssmeenk at freshdot.net
Mon Oct 29 12:49:07 UTC 2012

Quoting Leen Besselink (leen at consolejunkie.net):

> > >>> verify rrset <sidn.nl. DS IN>
> > >>> DS rrset in DS response did not verify
> > >>> validator operate: query <www.sidn.nl. A IN>
> > >>> Could not establish a chain of trust to keys for <sidn.nl. DNSKEY IN>

> > Just to let you know we are aware of this and investigating in.
> > Nothing to report further yet, though...

> As I mentioned before this was with an old version of Unbound, the bug
> is probably fixed already.  And if you want a log and a cache-dump
> mail me directly, I'll send it to you.

The issue with the .nl validation we've seen yesterday evening are not
related to Unbound or Unbound versions. People using different resolver
software also reported problems with the .nl zone.

SIDN is looking in to it and will probably release some formal
communication about it in due time. ;-)

| Recursive, adj.; See Recursive
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2

More information about the Unbound-users mailing list