DNAME causing problems
Marco Davids (SIDN)
marco.davids at sidn.nl
Wed Apr 18 11:31:03 UTC 2018
Hi,
I'm running Unound 1.7.0 with all the fancy features enabled (qname
minimisation, aggressive NSEC caching, the lot).
When I start with an empty cache, this DNAME domain causes a SERVFAIL:
dig A _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl
(same for slxh.nl)
Second attempt gives the expected NXDOMAIN.
Anyone any clue of what is happening here?
Appears qname minimisation related, because unbound-host also results in
a bogus with that option enabled.
[1524050954] libunbound[16982:0] info: validate(cname): sec_status_secure
Host _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl not found:
3(NXDOMAIN). (BOGUS (security failure))
validation failure
<_sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl. A IN>: misc
failure
--
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180418/8544bfe5/attachment.bin>
More information about the Unbound-users
mailing list