Validation failure for www.iana.org?
A. Schulze
sca at andreasschulze.de
Mon Oct 30 12:58:40 UTC 2017
Robert Edmonds via Unbound-users:
> validation failure <www.iana.org. A IN>: no keys have a DS with
> algorithm RSASHA1-NSEC3-SHA1 from 2001:500:8f::53 for key icann.org.
> while building chain of trust
Robert,
did you compile unbound with "--disable-sha1"?
see https://unbound.net/pipermail/unbound-users/2017-April/004747.html
anyway, www.iana.org works fine here:
$ dig www.iana.org
; <<>> DiG 9.10.3-P4-Debian <<>> www.iana.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33171
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.iana.org. IN A
;; ANSWER SECTION:
www.iana.org. 2725 IN CNAME ianawww.vip.icann.org.
ianawww.vip.icann.org. 30 IN A 192.0.32.8
;; Query time: 260 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 30 13:57:34 CET 2017
;; MSG SIZE rcvd: 89
More information about the Unbound-users
mailing list