Getting SERVFAIL when trying to reach .co.il domains
Havard Eidnes
he at uninett.no
Thu Dec 31 12:39:54 UTC 2020
> Using Unbound 1.9.0 on Raspberry Pi with Pihole.
>
> Since two days ago I cannot access .co.il domains, such as hwzone.co.il or
> ynet.co.il.
The analysis tool at https://dnsviz.net/ seems to indicate there's a
problem with the DNSSEC setup for both .IL and .CO.IL, ref.
https://dnsviz.net/d/hwzone.co.il/dnssec/
The recurring message seems to be that e.g. the DNSKEY RRset for .IL
includes a key with algorithm 13 (ECDSAP256SHA256), but no
corresponding RRSIG can be found, and the same for the .CO.IL domain.
Whether that should be a fatal error is another matter, it probably
should not, as long as there exists other keys where there exists a
matching RRSIG. Newer unbound (e.g. 1.12.0) does not make this a
fatal error, and resolves those names just fine.
Regards,
- Håvard
More information about the Unbound-users
mailing list