Some sites not resolving (DNSSEC?)
hbarta at gmail.com
Wed May 23 14:51:22 UTC 2018
Thanks for looking into this. I have added some other sites that also
present this problem to the issue.
On Wed, May 23, 2018 at 8:58 AM, Petr Špaček via Unbound-users <
unbound-users at unbound.net> wrote:
> On 23.5.2018 15:46, W.C.A. Wijngaards via Unbound-users wrote:
>> Hi Hank,
>> On 23/05/18 15:23, Hank Barta via Unbound-users wrote:
>>> Hi all,
>>> I use pfsense for my firewall and have selected the unbound resolver for
>>> DNS on my home LAN. I have configured this to use Cloudflare DNS with
>>> DNSSEC enabled. In addition to checking the "Enable DNSSEC Support"
>>> checkbox on the DNS Resolver configuration page I have added the custom
>> The 18.104.22.168 server responds without DNSSEC for coder.show DS queries.
>> And for an insecure referral it needs DS denial information for type DS,
>> eg. the NSEC or NSEC3 from the .show TLD.
>> Without the forward to 22.214.171.124 it works fine for me. So it doesn't seem
>> to be the .show TLD or coder.show site, but the 126.96.36.199 unsigned CNAME
>> for qtype DS.
>> A workaround is domain-insecure: "coder.show" in unbound.conf
> This is most likely a bug in Knot Resolver and we are working on fix:
> Petr Špaček @ CZ.NIC
'03 BMW F650CS - hers
'98 Dakar K12RS - "BABY K" grew up.
'93 R100R w/ Velorex 700 (MBD starts...)
'95 Miata - "OUR LC"
polish visor: apply squashed bugs, rinse, repeat
Beautiful Sunny Winfield, Illinois
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Unbound-users