[Unbound-users] validation failure
A. Schulze
sca at andreasschulze.de
Thu Jul 3 12:50:44 UTC 2014
shmick:
> Jul 3 15:37:51 unbound: [3740:0] info: validation failure
> <7.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.6.0.8.0.6.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa.
> PTR IN>: No DNSKEY record for key 0.4.2.ip6.arpa. while building chain
> of trust
Hm, cannot reproduce ...
$ dig
7.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.6.0.8.0.6.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa. PTR
+dnssec
; <<>> DiG 9... <<>>
7.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.6.0.8.0.6.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa. PTR
+dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7569
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;7.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.6.0.8.0.6.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa. IN
PTR
;; ANSWER SECTION:
7.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.6.0.8.0.6.0.0.4.0.0.8.6.4.0.4.2.ip6.arpa.
86388 IN PTR syd01s19-in-x07.1e100.net.
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Jul 3 14:42:19 2014
;; MSG SIZE rcvd: 140
Anyway: the zone 0.4.2.ip6.arpa. belongs to RIPE and do have DNSKEY data:
$ dig @ns3.apnic.net. 0.4.2.ip6.arpa. any +dnssec
; <<>> DiG 9... <<>> @ns3.apnic.net. 0.4.2.ip6.arpa. any +dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8490
;; flags: qr aa rd; QUERY: 1, ANSWER: 20, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;0.4.2.ip6.arpa. IN ANY
;; ANSWER SECTION:
0.4.2.ip6.arpa. 172800 IN RRSIG NSEC 5 5 172800
20140802065912 20140703055912 17730 0.4.2.ip6.arpa.
I1p7k9AK3ztVuxi7LhyhnQj1cc52rXygXXXzpm7V4O1oVAaRgx+4it/A
X/CEni7Lvni6+1Ysut6dQfNGgqOLvo7JGBczo9GpAqqZyZlC5n8Np+Jx
JgBPD8IfPlWqfQNttRPS4nL1eGEHklBQlGj0oDyCJXnurdPAIftKNEpI mM0=
0.4.2.ip6.arpa. 172800 IN RRSIG DNSKEY 5 5 172800
20140802065912 20140703055912 17730 0.4.2.ip6.arpa.
jdc/1Ny5HCFuCa7PpFSSc1miz7nHWrnD2saLnZ5tMv4tjq/4DOE4fiKZ
UUeHs9HlBmXpiLiUppHHAcN5yLgPuJ6dgHWhdPLuk11tz01OpF75rd6Y
dugfnh95MW4QDe5xrlPM8lnKdPXNZyIlkP08iQG6KhYl07AnrAqZgNds xSg=
0.4.2.ip6.arpa. 172800 IN RRSIG DNSKEY 5 5 172800
20140802065912 20140703055912 63292 0.4.2.ip6.arpa.
RaCNV9kwwEvsHk2STegNwIIoZO//nAzgwwYfimbukZhLG+M4FnTROm2j
q9sAmkBxnPCcrn3Kv5vYotUhAEfZVODTjsdF9ztr/+g5/flhalUK63Wz
NjL8KvW4bjuTQUbI1SRQ+xXifoKwe2blHjGrirdaNV+v6hClMDwUfR82
Un3Cr0wh35t/qjytZtLTxu13KTNLh+Y8aCJWHzFam8sF0KQ09/kAXRhv
yKhk8MgmOnG8YBy2HiVQqBUV6vPevbJGST7Aat1K3MUGPDjOWSi3NjeJ
4QJpFSPSydPrnuhWt5RJ3p2MgufISUtFH5y3xMrEXz/cM9ZpoEDrFqYJ TPMrNQ==
0.4.2.ip6.arpa. 86400 IN RRSIG TXT 5 5 86400
20140802065912 20140703055912 17730 0.4.2.ip6.arpa.
WJxUSr1rYh7TK1IlUz7+mIbYeYnur+hGvujShQNZ49q4PviZT0q+Qb3o
n5oEFWPvQVMdfr+bgl1bHU+RIqLoz2x1IjPHZkEh+vGn9Nj4BPbycc07
bxoK2znuIttVb8vgquEhdHz1U52EsUnq4D/xbh5RI4B3QYc5QRXU56om ZPc=
0.4.2.ip6.arpa. 172800 IN RRSIG SOA 5 5 172800
20140802065912 20140703055912 17730 0.4.2.ip6.arpa.
Pkz5I44w0xOQ0RmYsSAOJCWJr/gS91nVogvwDUuIICsEdl/2x/j30HR4
owA3u+EaJ1xy8lu0+DPM4VV7zsNFABu1V3/meQB6wzU8ZDjeusFKb/VF
eLh9L0sYrRDUQ9ePBbtnaWzAJijkxgQ95lo4GDUMo0xLG+rMpSdBMRUS IVQ=
0.4.2.ip6.arpa. 86400 IN RRSIG NS 5 5 86400
20140802065912 20140703055912 17730 0.4.2.ip6.arpa.
e6Cu61H9Efjr5jxx6HDmKtbIyla1RtEDaGRB1pybSu0pliWb/N4aUoRx
ORGDdgk4rLbKXXr6R4oZPKg0Tks8GevFrjBz3HEhVoX51TQv0VPlUYTO
OH/JJaCvKI/VDUScwXEVjLIzO/J0NWUujArVkM24mTQx3UJIbdu6Bjog Qbk=
0.4.2.ip6.arpa. 172800 IN NSEC
6.0.0.8.0.0.0.1.0.0.4.2.ip6.arpa. NS SOA TXT RRSIG NSEC DNSKEY
0.4.2.ip6.arpa. 172800 IN DNSKEY 256 3 5
AwEAAZx2nykuBZgSfCAZ2JW53gW1FQ+N54ROEDvsFb3h5sUxGHIPIaX7
aQu9oNjKqzJZxE2x2HNn+R7XLsRnz2CUpL1iej2Gveb41VYR8aIg0ehK
Co8t1/sRn9cWzZEHmtyRL3MFMHi1urmxsEIusvNK7jhvbNta6+OLJpYu 4+5nO9Cl
0.4.2.ip6.arpa. 172800 IN DNSKEY 257 3 5
AwEAAXP4O1q8akmxghpAhkhpriaLA8AZbFE5+QVmspMmyBYW+xoIUwkk
YiqPQSgFjKNrOeKfnCPdhQMDoDIwagUAE5BQS9rGC+aMk/UL37QiP0dl
YAIqgSQh67RtGxWSxDlF5hTzXe9VQBd++HDlkAXkHa8g/AX3T7xIFjmc
3HnSvpl74oygWu8PUJtyHsyL2WlUZbqHV+KGO1BbAoU2BttYuVSi1aeE
cSQfwHYSn+fajaCR29J9CJcMGMAtOi5kWFM72aHxFRkfbbdPG6rSaV/Q
dbjIimg1rsoym68+gnrkn7ZiFnlGqSushCEgvLZRRBSn2wM+0y3Rrk7d Pi1F2/jQUXM=
0.4.2.ip6.arpa. 172800 IN DNSKEY 256 3 5
AwEAAY/cQBrzJm/tWqQBBnDt/8xtEaekCtGHuNXwbPzwMjTWtCI9E3Hc
pCNxN6U9/PrV4Ru11cGE5SvXigz+wLh1pscuW30aVh8RxS2Ee5/drFNU
uGvQgHmEcbvSQWuBq08JaaRNhVL4pGa6tsTfnPBjv3oNRDwDY8D3P2+P esPleR1T
0.4.2.ip6.arpa. 172800 IN DNSKEY 257 3 5
AwEAAX701vB4eE0ESpb5mpZMLGsny0ksIwxo+hfRESbwYQQ0Sj5iex3F
N3dZpaNDNioV25YHsjqHCHZJ+IwPmn7hb4eH9cjjeZRMHVEN5VVGUSIc
7tSni5jSfp+QyGbCxVz7DpM5mYkHrbXKuY+k00hPaTJafkeTgGJZ2G3H
JZxoNy0CHH8e2S7a5aCkA6nQeyz50YtqLjF+mEhchHXQhviv6doRmrl4
6LrT20sp3iLy2uamfPW4JxVFp8lx6EjosC8gd76kuzj1xIQI4aT1oPpf
C4XQxdvJidfWuH+aOYuwLMuJkPO8eMRm8C78VVaZPljp7wuhwAmAQYuE S1uWakejDmk=
0.4.2.ip6.arpa. 86400 IN TXT "zone updated 20140703"
0.4.2.ip6.arpa. 86400 IN NS tinnie.arin.net.
0.4.2.ip6.arpa. 86400 IN NS ns4.apnic.net.
0.4.2.ip6.arpa. 86400 IN NS ns3.apnic.net.
0.4.2.ip6.arpa. 86400 IN NS apnic1.dnsnode.net.
0.4.2.ip6.arpa. 86400 IN NS sec1.authdns.ripe.net.
0.4.2.ip6.arpa. 86400 IN NS ns1.apnic.net.
0.4.2.ip6.arpa. 86400 IN NS ns2.lacnic.net.
0.4.2.ip6.arpa. 172800 IN SOA ns1.apnic.net.
read-txt-record-of-zone-first-dns-admin.apnic.net. 3007063981 7200
1800 604800 172800
;; Query time: 271 msec
;; SERVER: 2001:dc0:1:0:4777::131#53(2001:dc0:1:0:4777::131)
;; WHEN: Thu Jul 3 14:43:23 2014
;; MSG SIZE rcvd: 2403
http://dnscheck.iis.se/?time=1404391548&id=4120772&view=advanced&test=standard
looks also not dramaticly
Did you just tried to restart unbound ?
Andreas
More information about the Unbound-users
mailing list