getting NXDOMAIN for existing entry
A. Schulze
sca at andreasschulze.de
Wed Jun 12 15:28:34 UTC 2019
On 12.06.19 at 06:13, Nevel Gandish via Unbound-users wrote:
> Hello,
>
> I'm trying to test my mail server with https://havedane.net but it will send mails to the subdomain with invalid DANE entry.
> Reason seems, that my local unbound (1.9.0) installation gives NXDOMAIN when looking up _25._tcp.wrong.havedane.net:
Hello Nevel,
it's havedane.net's fault: http://dnsviz.net/d/_25._tcp.do.havedane.net/dnssec/
_tcp.do.havedane.net. is denied to exist:
$ dig @ns091.auroradns.eu _tcp.do.havedane.net. any +norec
you get an NXDOMAIN, but as we *know*, _25._tcp.do.havedane.net. exists,
the correct answer would be NOERROR.
So unbound configured to use qname-minimisation will fail.
You may try to disable qname-minimisation and/or report to havedane.net operators.
Andreas
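
The failure described in the reply above, as an added example that is not part of the original message: a small offline model of an authoritative server that answers NXDOMAIN for an empty non-terminal, queried once with the full name and once label by label as a minimising resolver does. The zone contents, the function names, and the assumption that do.havedane.net. itself has records are constructed for illustration; only RCODEs are modelled, not record types.

```python
# Constructed zone data (assumption): _tcp.do.havedane.net. has no records of
# its own, but _25._tcp.do.havedane.net. exists below it.
ZONE_APEX = "havedane.net."
RECORDS = {"havedane.net.", "do.havedane.net.", "_25._tcp.do.havedane.net."}

def is_empty_non_terminal(name):
    """True if name has no records itself but an existing name sits below it."""
    return name not in RECORDS and any(r.endswith("." + name) for r in RECORDS)

def authoritative_rcode(qname, ent_bug):
    """RCODE the modelled authoritative server returns for qname.

    ent_bug=True models the behaviour reported in the thread: NXDOMAIN for an
    empty non-terminal. ent_bug=False gives the correct NOERROR (no data).
    """
    if qname in RECORDS:
        return "NOERROR"
    if is_empty_non_terminal(qname):
        return "NXDOMAIN" if ent_bug else "NOERROR"
    return "NXDOMAIN"

def minimised_steps(qname):
    """Names asked for below the apex, adding one label per step.
    Assumes qname is strictly below ZONE_APEX."""
    labels = qname[: -len("." + ZONE_APEX)].split(".")
    return [".".join(labels[i:]) + "." + ZONE_APEX
            for i in range(len(labels) - 1, -1, -1)]

def resolve(qname, ent_bug, minimise):
    """Return (rcode, queries_sent). An NXDOMAIN at any step ends the lookup,
    because nothing can exist below a name that does not exist."""
    queries, rcode = [], None
    for name in (minimised_steps(qname) if minimise else [qname]):
        queries.append(name)
        rcode = authoritative_rcode(name, ent_bug)
        if rcode == "NXDOMAIN":
            break
    return rcode, queries

if __name__ == "__main__":
    target = "_25._tcp.do.havedane.net."
    for ent_bug in (True, False):
        for minimise in (True, False):
            rcode, asked = resolve(target, ent_bug, minimise)
            print(f"ent_bug={ent_bug} minimise={minimise}: {rcode} after {asked}")
```

With the faulty answer, the minimised lookup stops at _tcp.do.havedane.net. and never asks for the TLSA owner name, while the full-name lookup still succeeds.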