On Thu, 22 Apr 2010, Timothe Litt wrote:

I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV
configured as validating resolvers.

Using dig, I get a connection timeout error after a long (~10 sec) delay.
+cdflag provides an immediate response.

Is anyone else seeing this?  Ideas on how to troubleshoot?

I have the same problems with our validating unbound instance. The logs show:

Apr 21 18:03:54 nssec unbound: [19439:1] info: validation failure <DNS2.uspto.gov. A IN>
Apr 21 18:03:54 nssec unbound: [19439:1] info: validation failure <uspto.gov. NS IN>
Apr 21 18:03:54 nssec unbound: [19439:1] info: validation failure <DNS1.uspto.gov. A IN>
Apr 22 09:45:32 nssec unbound: [19439:0] info: validation failure <uspto.gov. A IN>
Apr 22 09:45:34 nssec unbound: [19439:1] info: validation failure <DNS2.uspto.gov. A IN>
Apr 22 09:45:34 nssec unbound: [19439:1] info: validation failure <uspto.gov. A IN>
Apr 22 09:45:34 nssec unbound: [19439:1] info: validation failure <uspto.gov. NS IN>
Apr 22 09:45:34 nssec unbound: [19439:1] info: validation failure <DNS1.uspto.gov. A IN>
Apr 22 09:46:36 nssec unbound: [19439:1] info: validation failure <www.uspto.gov. A IN>
Apr 22 09:50:38 nssec unbound: [19439:1] info: validation failure <www.uspto.gov. A IN>
Apr 22 09:52:35 nssec unbound: [19439:1] info: validation failure <uspto.gov. A IN>
Apr 22 09:57:53 nssec unbound: [19439:1] info: validation failure <uspto.gov. DNSKEY IN>

As far as I can tell (including a quick check with dnscheck --test=dnssec),
everything works out, but apparently some data in the zone does not
validate, at least not with the records cached at the time. I do have a
copy of the unbound cache if someone wants to do a post-mortem of validating
all the cached records crypto....

Paul
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
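
Added example, not part of the original messages and not code from unbound or BIND: a small triage script that groups unbound "validation failure" log lines like the ones quoted above by owner name and record type, including entries wrapped across two lines. The host name, zone names and log lines in the sample are constructed placeholders, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the "<name TYPE CLASS>" layout shown in the message above.
SAMPLE_LOG = """\
Apr 21 18:03:54 host unbound: [100:1] info: validation failure <ns1.example.com.
A IN>
Apr 21 18:03:54 host unbound: [100:1] info: validation failure <example.com. NS IN>
Apr 22 09:45:32 host unbound: [100:0] info: validation failure <example.com. A IN>
Apr 22 09:46:36 host unbound: [100:1] info: validation failure <www.example.com. A
IN>
Apr 22 09:57:53 host unbound: [100:1] info: validation failure <example.com. DNSKEY IN>
Apr 22 10:01:00 host unbound: [100:1] info: validation failure <www.example.net. A IN>
"""

# \s+ also matches newlines, so entries wrapped by the mailer still parse.
FAILURE = re.compile(r"validation failure <([^\s<>]+)\s+([^\s<>]+)\s+([^\s<>]+)>")

def parse_failures(text):
    """Return a list of (owner, rrtype) pairs, one per logged failure."""
    return [(m.group(1).lower(), m.group(2).upper()) for m in FAILURE.finditer(text)]

def in_zone(owner, apex):
    """True if owner is the zone apex or a name below it (apex is dot-terminated)."""
    return owner == apex or owner.endswith("." + apex)

def summarize(text, zone):
    """Group failures for one zone and flag a failed apex DNSKEY RRset."""
    apex = zone.lower().rstrip(".") + "."
    by_owner = defaultdict(set)
    for owner, rrtype in parse_failures(text):
        if in_zone(owner, apex):
            by_owner[owner].add(rrtype)
    return {
        "owners": {o: sorted(t) for o, t in sorted(by_owner.items())},
        # If the apex DNSKEY RRset is bogus, no RRset in the zone can validate.
        "apex_dnskey_failed": "DNSKEY" in by_owner.get(apex, set()),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "example.com")
    for owner, types in report["owners"].items():
        print(f"{owner:20} {' '.join(types)}")
    if report["apex_dnskey_failed"]:
        print("apex DNSKEY failed: check the DS/DNSKEY/RRSIG chain before single records")
```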
