Unable to resolve 1 domain
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Apr 6 10:32:19 UTC 2017
Hi Franky,

The domain is DNSSEC bogus. Unbound says:

validation failure <lkpp.go.id. A IN>: no keys have a DS with algorithm
RSASHA1-NSEC3-SHA1 from 103.13.181.24 for key lkpp.go.id. while building
chain of trust

And dnsviz output also shows it is bogus, here is a link
http://dnsviz.net/d/lkpp.go.id/dnssec/

If you want to make unbound ignore this failure, add to unbound.conf:

domain-insecure: "lkpp.go.id"

Best regards, Wouter

On 06/04/17 12:16, battossai via Unbound-users wrote:
> Hi,
>
> My Unbound server is unable to resolve this domain: lkpp.go.id
> In fact I have forwarded it to another DNS server and its domain server.
>
> But again, it is no issue on named.
> Any idea what I have to check?
>
> Here is some information:
>
> [root@ns1smg ~]# dig @103.55.160.20 lkpp.go.id
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @103.55.160.20 lkpp.go.id
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22042
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;lkpp.go.id.                    IN      A
>
> ;; ANSWER SECTION:
> lkpp.go.id.             604800  IN      A       103.206.244.234
>
> ;; AUTHORITY SECTION:
> lkpp.go.id.             604800  IN      NS      ns2.lkpp.go.id.
> lkpp.go.id.             604800  IN      NS      ns1.lkpp.go.id.
>
> ;; ADDITIONAL SECTION:
> ns1.lkpp.go.id.         604800  IN      A       103.13.181.24
> ns2.lkpp.go.id.         604800  IN      A       103.55.160.20
>
> ;; Query time: 9 msec
> ;; SERVER: 103.55.160.20#53(103.55.160.20)
> ;; WHEN: Thu Apr 6 17:14:58 2017
> ;; MSG SIZE rcvd: 112
>
> On my unbound server:
>
> [root@ns1smg ~]# dig @111.68.27.3 lkpp.go.id
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> @111.68.27.3 lkpp.go.id
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41327
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;lkpp.go.id.                    IN      A
>
> ;; Query time: 9 msec
> ;; SERVER: 111.68.27.3#53(111.68.27.3)
> ;; WHEN: Thu Apr 6 17:14:34 2017
> ;; MSG SIZE rcvd: 28
>
> Regards,
> Franky Yu
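
An added example, not part of the original thread and not Unbound's own code: a simplified check of the DS-to-DNSKEY linkage behind the "no keys have a DS with algorithm" failure quoted above. The zone name, key material and the stale-DS scenario are constructed assumptions (the thread does not show lkpp.go.id's actual records), and the check does not verify RRSIGs.

```python
import hashlib
import struct

ALG_NAMES = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 13: "ECDSAP256SHA256"}

def wire_name(name):
    """Canonical (lower-case) wire form of an owner name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def dnskey_rdata(flags, alg, pubkey):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, alg) + pubkey

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def ds_digest(owner, rdata):
    """SHA-256 DS digest: hash of owner wire name followed by DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).digest()

def make_ds(owner, rdata):
    """(key tag, algorithm, digest type 2 = SHA-256, digest) for one DNSKEY."""
    return (key_tag(rdata), rdata[3], 2, ds_digest(owner, rdata))

def missing_algorithms(owner, ds_set, dnskeys):
    """DS algorithms for which no published DNSKEY matches tag, algorithm and digest."""
    satisfied = set()
    for tag, alg, dtype, digest in ds_set:
        for rdata in dnskeys:
            if (dtype == 2 and rdata[3] == alg and key_tag(rdata) == tag
                    and ds_digest(owner, rdata) == digest):
                satisfied.add(alg)
    return sorted({alg for _, alg, _, _ in ds_set} - satisfied)

def diagnose(owner, ds_set, dnskeys):
    """One message per unmatched DS algorithm, worded like the log line above."""
    return [f"no keys have a DS with algorithm {ALG_NAMES.get(a, a)}"
            for a in missing_algorithms(owner, ds_set, dnskeys)]

# Constructed sample (not lkpp.go.id's real records): the parent zone still
# holds a DS for an algorithm-7 key; the child publishes only an algorithm-8 key.
ZONE = "example.test."
OLD_KSK = dnskey_rdata(257, 7, b"constructed-old-key-material")
NEW_KSK = dnskey_rdata(257, 8, b"constructed-new-key-material")
PARENT_DS = [make_ds(ZONE, OLD_KSK)]

if __name__ == "__main__":
    print(diagnose(ZONE, PARENT_DS, [NEW_KSK]))           # mismatch reported
    print(diagnose(ZONE, PARENT_DS, [OLD_KSK, NEW_KSK]))  # DS matches a key
```

When the check reports a mismatch, the durable fix is on the zone operator's side (publish a DS that matches a current DNSKEY, or remove the DS); `domain-insecure` only turns validation off for that name on the local resolver.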