DNAME causing problems

Marco Davids (SIDN) marco.davids at sidn.nl
Wed Apr 18 11:31:03 UTC 2018


I'm running Unound 1.7.0 with all the fancy features enabled (qname 
minimisation, aggressive NSEC caching, the lot).

When I start with an empty cache, this DNAME domain causes a SERVFAIL:

dig A _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl

(same for slxh.nl)

Second attempt gives the expected NXDOMAIN.

Anyone any clue of what is happening here?

Appears qname minimisation related, because unbound-host also results in 
a bogus with that option enabled.

[1524050954] libunbound[16982:0] info: validate(cname): sec_status_secure
Host _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl not found: 
3(NXDOMAIN). (BOGUS (security failure))
validation failure 
<_sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl. A IN>: misc 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180418/8544bfe5/attachment.bin>

More information about the Unbound-users mailing list