Some sites not resolving (DNSSEC?)
petr.spacek at nic.cz
Wed May 23 13:58:44 UTC 2018
On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote:
> Hi Hank,
> On 23/05/18 15:23, Hank Barta via Unbound-users wrote:
>> Hi all,
>> I use pfsense for my firewall and have selected the unbound resolver for
>> DNS on my home LAN. I have configured this to use Cloudflare DNS with
>> DNSSEC enabled. In addition to checking the "Enable DNSSEC Support"
>> checkbox on the DNS Resolver configuration page I have added the custom
> The 184.108.40.206 server responds without DNSSEC for coder.show DS queries.
> And for an insecure referral it needs DS denial information for type DS,
> eg. the NSEC or NSEC3 from the .show TLD.
> Without the forward to 220.127.116.11 it works fine for me. So it doesn't seem
> to be the .show TLD or coder.show site, but the 18.104.22.168 unsigned CNAME
> for qtype DS.
> A workaround is domain-insecure: "coder.show" in unbound.conf
This is most likely a bug in Knot Resolver and we are working on fix:
Petr Špaček @ CZ.NIC
More information about the Unbound-users