unbound 1.9.1 - No DNSKEY record for key wolfssl.com. while building chain of trust - why?
Christian 'wiwi' Wittenhorst
wiwi at progon.net
Fri Jan 3 22:11:26 UTC 2020
Dear Ralph.
Dear List.
(Platform is CentOS 7, most current)
I see: "Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error:
tcp sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)"
So it looks as if unbound is unable to do TCP connections. But why?
Firewall is deactivated.
[root@rdns0 unbound]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
dig from the same machine can use tcp to these hosts:
[root@rdns0 unbound]# dig wolfssl.com dnskey +dnssec @97.74.111.55
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> wolfssl.com dnskey +dnssec @97.74.111.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63791
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1472
;; QUESTION SECTION:
;wolfssl.com. IN DNSKEY
;; ANSWER SECTION:
wolfssl.com. 3600 IN DNSKEY 257 3 8
wolfssl.com. 3600 IN DNSKEY 257 3 8
wolfssl.com. 3600 IN DNSKEY 256 3 8
wolfssl.com. 3600 IN DNSKEY 256 3 8
wolfssl.com. 3600 IN RRSIG DNSKEY 8 2 3600
20200114231625 20191230231625 54187 wolfssl.com.
;; AUTHORITY SECTION:
wolfssl.com. 3600 IN NS pdns11.domaincontrol.com.
wolfssl.com. 3600 IN NS pdns12.domaincontrol.com.
wolfssl.com. 3600 IN RRSIG NS 8 2 3600
20200114231625 20191230231625 58008 wolfssl.com.
;; Query time: 6 msec
;; SERVER: 97.74.111.55#53(97.74.111.55)
;; WHEN: Fri Jan 03 23:05:28 CET 2020
;; MSG SIZE rcvd: 1798
unbound.conf is:
server:
    verbosity: 5
    num-threads: 8
    so-reuseport: yes # no change
    username: "unbound"
    pidfile: "/var/run/unbound.pid"
    outgoing-interface: 85.158.27.148 # no change
    do-ip6: no
    interface: 127.0.0.1
    #interface: 127.0.0.1@853
    interface: 0.0.0.0
    interface: ::0
    #interface: 0.0.0.0@853
    #interface: ::0@853
    access-control: 127.0.0.1 allow
    access-control: ::1 allow
    access-control: 46.234.32.0/19 allow
    access-control: 81.94.112.0/20 allow
    access-control: 85.158.24.0/21 allow
    access-control: 109.233.176.0/21 allow
    access-control: 82.136.38.0/27 allow
    access-control: 64.71.160.96/27 allow
    access-control: 91.232.37.0/24 allow
    access-control: 87.245.215.224/29 allow
    access-control: 217.11.218.80/28 allow
    access-control: 172.18.0.0/21 allow
    access-control: 2001:4b20:2000::/29 allow
    access-control: 0.0.0.0/0 deny
    access-control: ::0 deny
    root-hints: "/etc/opt/as34288/unbound/root.hints"
    auto-trust-anchor-file: "/etc/opt/as34288/unbound/trust-anchor/root.key"
    # cache timeouts
    cache-min-ttl: 60
    cache-max-ttl: 900
    cache-max-negative-ttl: 60
    # rotate rrsets
    rrset-roundrobin: yes
    val-log-level: 2
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: 0vRDCD
mod1 wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: 1RDdc mod0
rep wolfssl.com. A IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: iterator
operate: query wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
processQueryTargets: wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
DelegationPoint<wolfssl.com.>: 2 names (0 missing), 4 addrs (4 result, 0
avail) cacheNS
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
pdns12.domaincontrol.com. * A AAAA
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
pdns11.domaincontrol.com. * A AAAA
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: sending
query: wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: mesh_run:
end 2 recursion states (1 with reply, 0 detached), 2 waiting replies, 0
recursion replies sent, 0 replies
dropped, 0 states jostled out
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: 0vRDCD
mod1 wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: 1RDdc mod0
rep wolfssl.com. A IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: iterator
operate: query wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
processQueryTargets: wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
DelegationPoint<wolfssl.com.>: 2 names (0 missing), 4 addrs (4 result, 0
avail) cacheNS
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
pdns12.domaincontrol.com. * A AAAA
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
pdns11.domaincontrol.com. * A AAAA
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: sending
query: wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: mesh_run:
end 2 recursion states (1 with reply, 0 detached), 2 waiting replies, 0
recursion replies sent, 0 replies
dropped, 0 states jostled out
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: 0vRDCD
mod1 wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: 1RDdc mod0
rep wolfssl.com. A IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: iterator
operate: query wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
processQueryTargets: wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
DelegationPoint<wolfssl.com.>: 2 names (0 missing), 4 addrs (4 result, 0
avail) cacheNS
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info:
pdns12.domaincontrol.com. * A AAAA
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:45 rdns0.edu-zg.io systemd[1]: Stopping AS34288 unbound
rDNS Server...
Jan 03 22:53:45 rdns0.edu-zg.io systemd[1]: as34288.unbound.service:
control process exited, code=exited status=1
Best regards
Christian
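
A log triage sketch for the journal output above, as an added example that is not part of the original post or of unbound: it rejoins the mail-wrapped lines, counts `tcp sendmsg` failures per upstream address and lists the queries that were being sent. The sample lines are copied from the post; the function names and the closing heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Sample lines copied from the log in the post, mail wrapping included.
SAMPLE = """\
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] info: sending
query: wolfssl.com. DNSKEY IN
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 97.74.111.55 port 53 (len 16)
Jan 03 22:53:36 rdns0.edu-zg.io unbound[7681]: [7681:0] error: tcp
sendmsg: Operation not supported for 173.201.79.55 port 53 (len 16)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} ")
RECORD = re.compile(r"unbound\[\d+\]: \[\d+:\d+\] (\w+): (.*)$")
TCP_ERR = re.compile(r"^tcp (\w+): (.+?) for (\S+) port (\d+)")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their syslog record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Count TCP send failures per upstream and list the queries sent."""
    failures, reasons, queries = Counter(), set(), set()
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if not m:
            continue
        level, msg = m.groups()
        err = TCP_ERR.match(msg)
        if level == "error" and err:
            failures[err.group(3)] += 1
            reasons.add((err.group(1), err.group(2)))
        elif msg.startswith("sending query: "):
            queries.add(msg[len("sending query: "):])
    # Heuristic (assumption of this example): one identical syscall error
    # against several upstreams points at the resolver host, not one remote.
    local_suspect = len(reasons) == 1 and len(failures) >= 2
    return failures, reasons, queries, local_suspect

if __name__ == "__main__":
    print(triage(SAMPLE))
```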