Getting SERVFAIL when trying to reach .co.il domains
Gil Levy
just.gil at gmail.com
Thu Dec 31 12:41:56 UTC 2020
Does that mean that the problem is not with my network?
I don't know how to compile the latest build of unbound for Pihole using
RaspberryOS (Debian)
Thanks for the info.
On Thu, 31 Dec 2020 at 23:39, Havard Eidnes <he at uninett.no> wrote:
> > Using Unbound 1.9.0 on Raspberry Pi with Pihole.
> >
> > Since two days ago I cannot access .co.il domains, such as hwzone.co.il
> or
> > ynet.co.il.
>
> The analysis tool at https://dnsviz.net/ seems to indicate there's a
> problem with the DNSSEC setup for both .IL and .CO.IL, ref.
>
> https://dnsviz.net/d/hwzone.co.il/dnssec/
>
> The recurring message seems to be that e.g. the DNSKEY RRset for .IL
> includes a key with algorithm 13 (ECDSAP256SHA256), but no
> corresponding RRSIG can be found, and the same for the .CO.IL domain.
>
> Whether that should be a fatal error is another matter, it probably
> should not, as long as there exists other keys where there exists a
> matching RRSIG. Newer unbound (e.g. 1.12.0) does not make this a
> fatal error, and resolves those names just fine.
>
> Regards,
>
> - Håvard
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20201231/ececfd3c/attachment-0001.htm>
More information about the Unbound-users
mailing list