Domain does not validate
Rainer Duffner
rainer at ultra-secure.de
Thu May 27 08:35:24 UTC 2021
Hi,
I have a setup where unbound is behind BIND 9.11 (due to RPZ handling).
In this setup, unbound cannot resolve one particular domain: nkb.ch due to DNSSEC failure.
However, BIND does correctly resolve the domain.
unbound:
server:
username: unbound
statistics-cumulative: yes
extended-statistics: yes
interface: 127.0.0.1
interface: 192.168.1.60
outgoing-interface: 192.168.1.60
chroot: /usr/local/etc/unbound
auto-trust-anchor-file: /usr/local/etc/unbound/root.key
verbosity: 5
use-syslog: yes
log-queries: yes
do-ip6: no
qname-minimisation: yes
# disable this for now
so-reuseport: no
#
# because of DNS-over-TLS
incoming-num-tcp: 100
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow
#
include: /usr/local/etc/unbound/forward.conf
include: /usr/local/etc/unbound/control.conf
Log:
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 127.0.0.1 nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 1 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0RDd mod1 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 9 ;; QUESTION SECTION: nkb.ch. IN MX ;; ANSWER SECTION: nkb.ch. 2998 IN MX 20 mail20.nkb.ch. nkb.ch. 2998 IN MX 10 mail10.nkb.ch. ;; AUTHORITY SECTION: nkb.ch. 2998 IN NS ns2.securedns.ch. nkb.ch. 2998 IN NS ns1.securedns.ch. nkb.ch. 2998 IN NS ns3.securedns.ch. nkb.ch. 2998 IN NS ns4.securedns.ch. ;; ADDITIONAL SECTION: mail10.nkb.ch. 2998 IN A 185.5.58.106 mail20.nkb.ch. 2998 IN A 46.140.211.106 ns1.securedns.ch. 2998 IN A 91.194.196.36 ns2.securedns.ch. 2998 IN A 91.194.196.37 ns3.securedns.ch. 2998 IN A 77.109.136.195 ns4.securedns.ch. 2998 IN A 185.206.180.142 ns1.securedns.ch. 2998 IN AAAA 2a01:6980:aca9:100::21 ns2.securedns.ch. 2998 IN AAAA 2a01:6980:aca9:100::22 ns3.securedns.ch. 2998 IN AAAA 2001:1620:20ad:200::37 ;; MSG SIZE rcvd: 332
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: no signer, using nkb.ch. TYPE0 CLASS0
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: prime trust anchor
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate keytag query _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 3 recursion states (1 with reply, 1 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1vRDd mod1 _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 2RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: . IN DNSKEY ;; ANSWER SECTION: . 86400 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} . 86400 IN DNSKEY 256 3 8 AwEAAa+HvD7XXjmL+1htThUQyZW7oWGnjzKHJASg3TSR5Bmu5LfnSVW7fxqZa2oAYo2ionIQWyqAj/loApzg8GNMhyIibftPJso54uWRQ2GaoMrwLD5SLu676kf7urJq6nqdjNC0aJM/C888li69lVH6tiu2tZm1NH3cmgfnMUJpD60bsrDUqs7XwftmNkdkHa4ltQbM3UNPyfTaNBQYoH3wpOpSjdk3tyDRnreBO6Idrw+DGf/rve4sL3qiSaXfYIkcwAwozxR34iHU5dbCDs8S6FmZYhoSVKVgNSUkudxhd9/6RrZkYRgvwRsQXl3UwsacU1DsXcORqIC+7NlQ6M2OJVU= ;{id = 14631 (zsk), size = 2048b} . 86400 IN RRSIG DNSKEY 8 0 172800 20210611000000 20210521000000 20326 . cS+Q/Fz7GGC2l/Mlv6LCuawcezxDVnljzhpSlQNxdjAAaCcVxc+tq7DjexnuxktXsK6wlxTl3hYjkqQDHTsEsgKwgC5WkFj+YDbjwYIICrnJV6AmMgmmwNQKJiZtTcDoZMYbrpWgT7grKKD3gIJlFy+xHTG2Nb/YYZqbDqxTUYslac1tkB2/AVC94Y5Hp35/rUfsjGUfLYIjC/vfjJ8tnLmOo2nmV2h6gznllygibh4mDB6thGd4M0X+rTtWFADXLwTLttw8Y3658tyxboTh/94CI2OESqKXvxHG9SKjezs0qhQTQxSoHS7mtHHNMpLAZSyeABl1Dx5Id1sJ1YeDMg== ;{id = 20326} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 853
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: autotrust process for . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validate keys with anchor(DS): sec_status_secure
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: Successfully primed trust anchor . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 3 recursion states (1 with reply, 1 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1vRDd mod1 _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 2RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 0 ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0 ;; QUESTION SECTION: _ta-4f66. IN NULL ;; ANSWER SECTION: ;; AUTHORITY SECTION: . 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2021052700 1800 900 604800 86400 . 86400 IN RRSIG SOA 8 0 86400 20210609050000 20210527040000 14631 . ol3akH/idkAglwDTE2kkpwq0CNYuqBY95ULgZVPnG/jtCoaHkVIFf0oNmOMpTZx0EGpbmXK1SH3C/aqqzmRa4FWzFituXNp1xaOBiWyRJpzstCbMc7PeG2Ho5qT/EPzNMFXMg5TYYO9LjOLYwkbRC2Zq5/smDPavRmFqUE5Z8PZZXrX+S+lRIZNOc5c0fetSBJWTFez6oQdJcmPIw3qyL1Hjxv+B970h73ZIPDbK66U6R8U8E71SJC0+i+IzDzg7RLu2LIHf4afNFCpM0Z2+jro497SFCvsEeSKfhOSNs6HXPECDSv1SMKuR5m8lG0fK31Lx4IMUnIrfYpWyTo0GXw== ;{id = 14631} . 86400 IN NSEC aaa. NS SOA RRSIG NSEC DNSKEY . 86400 IN RRSIG NSEC 8 0 86400 20210609050000 20210527040000 14631 . amcSijuP9mGY5TwXevHWzIYUbfS8NglYRPcOkEvaU9k2HjffMJlX234NVOW33njjpNhPwT3sfLFnbgM4uBvHVIpQftjkudcQDXpTKeEXoqXrcfcofuVvN/XQqrdf92rFbm2dRGSpFHTdhmTCxH3LfST19a08ETBbZyRg9qiRrz9/1Df9PCXqCWRCv3TBEbQ6ZMvID07zgahFY4F5jY4eo1RRmweiypuAoy/CeC1aKHLydQTsY9RJCBaxsSIhkuCJHE+IsfxpiO10vEtNu4Mt+4royLGZSC7vqVmzanS8f1zafeFM0DmPVARGOYQiHTzR3abP4Y5Adp5wuh5Z7Vpy5g== ;{id = 14631} ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 698
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was NXDOMAIN ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query _ta-4f66. NULL IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ch. IN DS ;; ANSWER SECTION: ch. 86400 IN DS 1053 13 2 94D834BEF7536BFE6ECB4682E1151BDD4882CA12C6DB2C1AA64CB0E9D4DA5222 ch. 86400 IN RRSIG DS 8 1 86400 20210609050000 20210527040000 14631 . A+3dnbi4bOApjO+UZL886hs8TCBfUsfCLXWDg3qxNod2UBneI2s5btmQKaP7xUeYkn4OMfCCpv0CdzIxaCD9ZVHA+zgRHCZWToaTzJ6Doop8QAB20I88s1ErfX19tIcFHigFi45bhKriuF5NxRy54+kfm71gUC5gZU0+oJ5b8st5JBc6h8Jipuhg6liV8+zjZs9l13Zy1pYFYtftYMiDJwMP6mbnrmdJ3Pv7kEHDBhIbwrKuCPqdPjx+6yRzMhWpIb/yLEBAnrEkhloUy1+C0FDuA5atH1vHoEFejBfpyqkexikt72MVymFVGKibQ/irqLqymvmKmr7+NrZlbTcraQ== ;{id = 14631} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 355
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: verify rrset ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validated DS ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname . DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ch. IN DNSKEY ;; ANSWER SECTION: ch. 85798 IN DNSKEY 257 3 13 kr4o4HQBltkJbi/uQ03HU9DY4eKY9gVHyHJk/Qw1ZRYeCb/QMQ8hx0gN5o0lTBEqO/H5DwCWxM33aUwBBZostw== ;{id = 1053 (ksk), size = 256b} ch. 85798 IN DNSKEY 256 3 13 SMCx7OwqldNbwYa1KPvOC1JYYCg650Pr3k0tte1e1v4DBBI7fr8r86u3GA/hZH54OvDGtEdaCvQFH9ATvulBCQ== ;{id = 26777 (zsk), size = 256b} ch. 85798 IN DNSKEY 256 3 13 mkq7fKwtqE63+fZOXLQm/A3KwERRApDGSKRBxaD6RNQeJRrDRfD1F3KmFyc0K5BbQ1aj3mLGOF5Tf4hBS4ANjQ== ;{id = 31174 (zsk), size = 256b} ch. 85798 IN RRSIG DNSKEY 13 1 86400 20210624100909 20210509090909 1053 ch. ehmogXXEoOHr09MFAThv0Q4QT9vP3+TUU8U9P8MSDq6oltC97ROJdKqokXqV62hJGvWYb6k3JYDR2KCGVxc19g== ;{id = 1053} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 358
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validated DNSKEY ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DS ;; ANSWER SECTION: nkb.ch. 2998 IN DS 35452 8 2 BD1476418FB2ACC3578C8041272975686C960C706CF551A82A17D38E904AE43B nkb.ch. 2998 IN RRSIG DS 13 2 3600 20210623104441 20210524100200 31174 ch. i+EMIS2Tl+aWG41eJyGZ3OKvhNpY/PkgFPU45MxhPGqPMXjWC1+xyV9VRIYYzWqKcEEDps2MjyEui6+ax/x8gw== ;{id = 31174} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 170
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: verify rrset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validated DS nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DNSKEY ;; ANSWER SECTION: nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAbX4dsGpdpbFnAQUTNLsen8hV+fm008/twYyi5hKv7hqgxJv41PEWCNHW8+WsgddgBboQd8pkPGI8r0O/6hWeNwvPp1YCYXr0P60YMmtk4QUBQnh6UhsHsGXSYzMRShzVpX6obRRej5+nzqQYY8l4y8GxBdVwz2dMYGBIMaSqUPh ;{id = 24028 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAau9V1gNmiuA7xBMQKSKTOUEZ6fQUQXSHTouGjDMpeCxB8fjYTk7lImWvJQXu9Zf5Pc6oVoQNxUGhm62bIuwCHzXpGJALRWQwVMYTmWcqq7Pxu5nfShNbfNEhf7f9Yien2nfZVQ5T5LnKAaqRarRCJl0mlhJs44h7K5IDwF5vnk1 ;{id = 50191 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 257 3 8 AwEAAcj3MiPiuxBUJ7UjOwBmmGZK6jBpctEVuF2gID+gS8TOedeOCqh7hgyI2hl0YO9094urxi68zEQWIQWIVzmvD6ThdhQgAxYX3q8jAAvAgH29VYt08AaFeKEHw1uR65VGefHtacJKQLQG5E0ysz+Sq9GPVA7dha2MO2EBPJINVVf5hguCMLzq0d7r2vMGStYorR/FkquUxLz400yIM+yU91K8tjEAjBA32zT7C1uiPIjSpR3AZ/eevv6NA5heZSZBkG1+d8Uhgs4hwU6gnAMVXz+Z2kmlOV7Iyv15GyzzpupyPRvEV+48raD2amKFf6nr1Gg7PWvGYlWxK/3zE83gMg0= ;{id = 35452 (ksk), size = 2048b} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 596
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DNSKEY ;; ANSWER SECTION: nkb.ch. 2999 IN DNSKEY 257 3 8 AwEAAcj3MiPiuxBUJ7UjOwBmmGZK6jBpctEVuF2gID+gS8TOedeOCqh7hgyI2hl0YO9094urxi68zEQWIQWIVzmvD6ThdhQgAxYX3q8jAAvAgH29VYt08AaFeKEHw1uR65VGefHtacJKQLQG5E0ysz+Sq9GPVA7dha2MO2EBPJINVVf5hguCMLzq0d7r2vMGStYorR/FkquUxLz400yIM+yU91K8tjEAjBA32zT7C1uiPIjSpR3AZ/eevv6NA5heZSZBkG1+d8Uhgs4hwU6gnAMVXz+Z2kmlOV7Iyv15GyzzpupyPRvEV+48raD2amKFf6nr1Gg7PWvGYlWxK/3zE83gMg0= ;{id = 35452 (ksk), size = 2048b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAau9V1gNmiuA7xBMQKSKTOUEZ6fQUQXSHTouGjDMpeCxB8fjYTk7lImWvJQXu9Zf5Pc6oVoQNxUGhm62bIuwCHzXpGJALRWQwVMYTmWcqq7Pxu5nfShNbfNEhf7f9Yien2nfZVQ5T5LnKAaqRarRCJl0mlhJs44h7K5IDwF5vnk1 ;{id = 50191 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAbX4dsGpdpbFnAQUTNLsen8hV+fm008/twYyi5hKv7hqgxJv41PEWCNHW8+WsgddgBboQd8pkPGI8r0O/6hWeNwvPp1YCYXr0P60YMmtk4QUBQnh6UhsHsGXSYzMRShzVpX6obRRej5+nzqQYY8l4y8GxBdVwz2dMYGBIMaSqUPh ;{id = 24028 (zsk), size = 1024b} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 596
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DNSKEY ;; ANSWER SECTION: nkb.ch. 2999 IN DNSKEY 257 3 8 AwEAAcj3MiPiuxBUJ7UjOwBmmGZK6jBpctEVuF2gID+gS8TOedeOCqh7hgyI2hl0YO9094urxi68zEQWIQWIVzmvD6ThdhQgAxYX3q8jAAvAgH29VYt08AaFeKEHw1uR65VGefHtacJKQLQG5E0ysz+Sq9GPVA7dha2MO2EBPJINVVf5hguCMLzq0d7r2vMGStYorR/FkquUxLz400yIM+yU91K8tjEAjBA32zT7C1uiPIjSpR3AZ/eevv6NA5heZSZBkG1+d8Uhgs4hwU6gnAMVXz+Z2kmlOV7Iyv15GyzzpupyPRvEV+48raD2amKFf6nr1Gg7PWvGYlWxK/3zE83gMg0= ;{id = 35452 (ksk), size = 2048b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAbX4dsGpdpbFnAQUTNLsen8hV+fm008/twYyi5hKv7hqgxJv41PEWCNHW8+WsgddgBboQd8pkPGI8r0O/6hWeNwvPp1YCYXr0P60YMmtk4QUBQnh6UhsHsGXSYzMRShzVpX6obRRej5+nzqQYY8l4y8GxBdVwz2dMYGBIMaSqUPh ;{id = 24028 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAau9V1gNmiuA7xBMQKSKTOUEZ6fQUQXSHTouGjDMpeCxB8fjYTk7lImWvJQXu9Zf5Pc6oVoQNxUGhm62bIuwCHzXpGJALRWQwVMYTmWcqq7Pxu5nfShNbfNEhf7f9Yien2nfZVQ5T5LnKAaqRarRCJl0mlhJs44h7K5IDwF5vnk1 ;{id = 50191 (zsk), size = 1024b} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 596
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DNSKEY ;; ANSWER SECTION: nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAbX4dsGpdpbFnAQUTNLsen8hV+fm008/twYyi5hKv7hqgxJv41PEWCNHW8+WsgddgBboQd8pkPGI8r0O/6hWeNwvPp1YCYXr0P60YMmtk4QUBQnh6UhsHsGXSYzMRShzVpX6obRRej5+nzqQYY8l4y8GxBdVwz2dMYGBIMaSqUPh ;{id = 24028 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAau9V1gNmiuA7xBMQKSKTOUEZ6fQUQXSHTouGjDMpeCxB8fjYTk7lImWvJQXu9Zf5Pc6oVoQNxUGhm62bIuwCHzXpGJALRWQwVMYTmWcqq7Pxu5nfShNbfNEhf7f9Yien2nfZVQ5T5LnKAaqRarRCJl0mlhJs44h7K5IDwF5vnk1 ;{id = 50191 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 257 3 8 AwEAAcj3MiPiuxBUJ7UjOwBmmGZK6jBpctEVuF2gID+gS8TOedeOCqh7hgyI2hl0YO9094urxi68zEQWIQWIVzmvD6ThdhQgAxYX3q8jAAvAgH29VYt08AaFeKEHw1uR65VGefHtacJKQLQG5E0ysz+Sq9GPVA7dha2MO2EBPJINVVf5hguCMLzq0d7r2vMGStYorR/FkquUxLz400yIM+yU91K8tjEAjBA32zT7C1uiPIjSpR3AZ/eevv6NA5heZSZBkG1+d8Uhgs4hwU6gnAMVXz+Z2kmlOV7Iyv15GyzzpupyPRvEV+48raD2amKFf6nr1Gg7PWvGYlWxK/3zE83gMg0= ;{id = 35452 (ksk), size = 2048b} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 596
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DNSKEY ;; ANSWER SECTION: nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAbX4dsGpdpbFnAQUTNLsen8hV+fm008/twYyi5hKv7hqgxJv41PEWCNHW8+WsgddgBboQd8pkPGI8r0O/6hWeNwvPp1YCYXr0P60YMmtk4QUBQnh6UhsHsGXSYzMRShzVpX6obRRej5+nzqQYY8l4y8GxBdVwz2dMYGBIMaSqUPh ;{id = 24028 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAau9V1gNmiuA7xBMQKSKTOUEZ6fQUQXSHTouGjDMpeCxB8fjYTk7lImWvJQXu9Zf5Pc6oVoQNxUGhm62bIuwCHzXpGJALRWQwVMYTmWcqq7Pxu5nfShNbfNEhf7f9Yien2nfZVQ5T5LnKAaqRarRCJl0mlhJs44h7K5IDwF5vnk1 ;{id = 50191 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 257 3 8 AwEAAcj3MiPiuxBUJ7UjOwBmmGZK6jBpctEVuF2gID+gS8TOedeOCqh7hgyI2hl0YO9094urxi68zEQWIQWIVzmvD6ThdhQgAxYX3q8jAAvAgH29VYt08AaFeKEHw1uR65VGefHtacJKQLQG5E0ysz+Sq9GPVA7dha2MO2EBPJINVVf5hguCMLzq0d7r2vMGStYorR/FkquUxLz400yIM+yU91K8tjEAjBA32zT7C1uiPIjSpR3AZ/eevv6NA5heZSZBkG1+d8Uhgs4hwU6gnAMVXz+Z2kmlOV7Iyv15GyzzpupyPRvEV+48raD2amKFf6nr1Gg7PWvGYlWxK/3zE83gMg0= ;{id = 35452 (ksk), size = 2048b} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 596
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: FindKey nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: current keyname ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: target keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: next keyname nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DS RRset nkb.ch. DS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: generate request nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: resolving nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: processQueryTargets: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: sending query: nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0vRDCD mod1 nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 1RDdc mod0 rep nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: iterator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: scrub for . NS IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: response for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: reply from <.> 192.168.1.61#53
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: nkb.ch. IN DNSKEY ;; ANSWER SECTION: nkb.ch. 2999 IN DNSKEY 257 3 8 AwEAAcj3MiPiuxBUJ7UjOwBmmGZK6jBpctEVuF2gID+gS8TOedeOCqh7hgyI2hl0YO9094urxi68zEQWIQWIVzmvD6ThdhQgAxYX3q8jAAvAgH29VYt08AaFeKEHw1uR65VGefHtacJKQLQG5E0ysz+Sq9GPVA7dha2MO2EBPJINVVf5hguCMLzq0d7r2vMGStYorR/FkquUxLz400yIM+yU91K8tjEAjBA32zT7C1uiPIjSpR3AZ/eevv6NA5heZSZBkG1+d8Uhgs4hwU6gnAMVXz+Z2kmlOV7Iyv15GyzzpupyPRvEV+48raD2amKFf6nr1Gg7PWvGYlWxK/3zE83gMg0= ;{id = 35452 (ksk), size = 2048b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAbX4dsGpdpbFnAQUTNLsen8hV+fm008/twYyi5hKv7hqgxJv41PEWCNHW8+WsgddgBboQd8pkPGI8r0O/6hWeNwvPp1YCYXr0P60YMmtk4QUBQnh6UhsHsGXSYzMRShzVpX6obRRej5+nzqQYY8l4y8GxBdVwz2dMYGBIMaSqUPh ;{id = 24028 (zsk), size = 1024b} nkb.ch. 2999 IN DNSKEY 256 3 8 AwEAAau9V1gNmiuA7xBMQKSKTOUEZ6fQUQXSHTouGjDMpeCxB8fjYTk7lImWvJQXu9Zf5Pc6oVoQNxUGhm62bIuwCHzXpGJALRWQwVMYTmWcqq7Pxu5nfShNbfNEhf7f9Yien2nfZVQ5T5LnKAaqRarRCJl0mlhJs44h7K5IDwF5vnk1 ;{id = 50191 (zsk), size = 1024b} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 596
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: query response was ANSWER
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: finishing processing for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator: inform_super, sub is nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: super is nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: Did not match a DS to a DNSKEY, thus bogus.
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: validator operate: query nkb.ch. MX IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: Could not establish a chain of trust to keys for nkb.ch. DNSKEY IN
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 1 recursion replies sent, 0 replies dropped, 0 states jostled out
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: average recursion processing time 0.017777 sec
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: histogram of recursion processing times
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: [25%]=0 median[50%]=0 [75%]=0
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: lower(secs) upper(secs) recursions
May 27 10:24:48 bind-unbound-test unbound[52804]: [52804:0] info: 0.016384 0.032768 1
Other DNSSEC-enabled domains, like the freebsd.org domain do validate.
I’m running version 1.13.1 on FreeBSD 12.2-P6, compiled with the following flags:
Options :
DNSCRYPT : off
DNSTAP : on
DOCS : off
DOH : on
ECDSA : on
EVAPI : off
FILTER_AAAA : off
GOST : on
HIREDIS : off
LIBEVENT : on
MUNIN_PLUGIN : on
PYTHON : off
SUBNET : off
TFOCL : off
TFOSE : off
THREADS : on
So, I wonder what the problem is?
Rainer
More information about the Unbound-users
mailing list