Hi Tiemen,
it might help you to use dig and delv to debug dns related issues. SERVFAIL is
quite often some issue in DNSSEC validation. To ensure validation is
reponsible, try just:
dig +cd download.wisselkoersenvoorjeadministratie.nl
It it succeeds, validation is responsible. Quite good tool to discover what is
wrong in that is delv. Use +vtrace to get details. If your server provides
recursive service, try targetting it with @127.0.0.1.
delv +cd +vtrace @127.0.0.1 download.wisselkoersenvoorjeadministratie.nl
If it tells you fully validated, it is ok. Try removing +cd. When it still
validates, bind should get the same results. Only cached records may produce
different results.
Try flushing cache under that domain:
rndc flushtree wisselkoersenvoorjeadministratie.nl
In case owner of that domain fixed the signature, it might help. If this did
not help and you are quite sure this is uninteded error, temporary validation
exception could be set. Before you do it, you should be confident noone tried
to push you wrong answer into your cache. Usually, it should be error on domain
server's that its operator had not yet fixed.
rndc nta wisselkoersenvoorjeadministratie.nl
Note NTA is time limited for a reason. Correct is fixing it on authoritative
servers and flushing just cached tree. Check man rndc for details.
named-pkcs11 trace logs would get you similar messages to delv. But I find delv
easier to use if possible.
Validation of www.regenboog-lelystad.nl. failed few minutes ago to me, but
seems to be fixed now.
Regards,
Petr
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
