Hi,
I'm running Unound 1.7.0 with all the fancy features enabled (qname
minimisation, aggressive NSEC caching, the lot).
When I start with an empty cache, this DNAME domain causes a SERVFAIL:
dig A _sidn._dnssec-valcheck-20180418.z-347054971.bergzand.nl
(same for slxh.nl)
Second at
Hi Søren,
It looks like frederiksberg.dk is doing an algorithm roll-over, from
SHA1 to SHA256. There are SHA256 DS records in the parent zone, but the
zone itself is still signed with the older key and SHA1 signatures.
Regards,
Anand
On 18/04/2018 11:54, Søren Peter Skou via Unbound-users wrote:
(Apologies for stupid quoting - Corporate Exchange does not like me..)
Having fiddled a bit around with unbound-host, I got this :
[1524049237] libunbound[21181:0] info: Did not match a DS to a DNSKEY, thus
bogus.
[1524049237] libunbound[21181:0] info: Could not establish a chain of trust to
ke
Hi Søren,
On 18/04/18 11:54, Søren Peter Skou via Unbound-users wrote:
> Hiya all,
>
>
>
> This perplexes me a bit. My unbound seems to have taken a dislike
> towards a couple of domains. Specificially frederiksberg.dk and fkb.dk
> and the tld .ke If I try doing a dig ns frederiksberg.dk and
Hiya all,
This perplexes me a bit. My unbound seems to have taken a dislike towards a
couple of domains. Specificially frederiksberg.dk and fkb.dk and the tld .ke If
I try doing a dig ns frederiksberg.dk and equivalent for fkb.dk – I simply get
a SERVFAIL. Initially I thought it might be somet