Hello

Today we got this one:

Nov 4 15:51:34 mailer unbound: [17795:1] info: validation failure <lipsofsuna.org. A IN>: DS got unsigned CNAME answer from 10.5.0.3 and 10.5.0.3 for DS lipsofsuna.org. while building chain of trust

Unbound (127.0.0.1) point of view:

; <<>> DiG 9.4.2-P2.1 <<>> @127.0.0.1 +dnssec lipsofsuna.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29562
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;lipsofsuna.org.                        IN      A

; <<>> DiG 9.4.2-P2.1 <<>> @127.0.0.1 +dnssec +cdflag lipsofsuna.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59237
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;lipsofsuna.org.                        IN      A

;; ANSWER SECTION:
lipsofsuna.org.         529     IN      CNAME   vhost.sourceforge.net.
vhost.sourceforge.net.  1214    IN      A       216.34.181.97

;; AUTHORITY SECTION:
sourceforge.net.        61634   IN      NS      ns-1.sourceforge.com.
sourceforge.net.        61634   IN      NS      ns-1.ch3.sourceforge.com.
sourceforge.net.        61634   IN      NS      ns-2.ch3.sourceforge.com.

; <<>> DiG 9.4.2-P2.1 <<>> @127.0.0.1 +dnssec +cdflag lipsofsuna.org DS
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6632
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;lipsofsuna.org.                        IN      DS

;; ANSWER SECTION:
lipsofsuna.org.         504     IN      CNAME   vhost.sourceforge.net.

;; AUTHORITY SECTION:
sourceforge.net. 120 IN SOA ns-1.ch3.sourceforge.com. hostmaster.corp.sourceforge.com. 2010110300 14400 1800 604800 3600




And Bind 9.7 (10.5.0.3) point of view:

; <<>> DiG 9.4.2-P2.1 <<>> @10.5.0.3 +dnssec lipsofsuna.org
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35972
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;lipsofsuna.org.                        IN      A

;; ANSWER SECTION:
lipsofsuna.org.         485     IN      CNAME   vhost.sourceforge.net.
vhost.sourceforge.net.  2285    IN      A       216.34.181.97

;; AUTHORITY SECTION:
sourceforge.net.        61590   IN      NS      ns-1.sourceforge.com.
sourceforge.net.        61590   IN      NS      ns-2.ch3.sourceforge.com.
sourceforge.net.        61590   IN      NS      ns-1.ch3.sourceforge.com.

; <<>> DiG 9.4.2-P2.1 <<>> @10.5.0.3 +dnssec +cdflag lipsofsuna.org DS
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32497
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;lipsofsuna.org.                        IN      DS

;; ANSWER SECTION:
lipsofsuna.org.         468     IN      CNAME   vhost.sourceforge.net.

;; AUTHORITY SECTION:
sourceforge.net. 84 IN SOA ns-1.ch3.sourceforge.com. hostmaster.corp.sourceforge.com. 2010110300 14400 1800 604800 3600

Unbound is configured to use the Bind 9.7 at 10.5.0.3 as a forwarder. Where is the problem, so that Unbound does not validate it?

Many Thanks

Andreas
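
The comparison made in the message above (the same query sent without and with +cdflag, read next to the Unbound log line), as an added example that is not part of the original message. The function names and the category labels are hypothetical, and the sample input is abridged from the output quoted above.

```python
import re

STATUS_RE = re.compile(r"->>HEADER<<-.*?status:\s*([A-Z]+)")
FLAGS_RE = re.compile(r"^;; flags:\s*([a-z ]*);", re.MULTILINE)
LOG_RE = re.compile(r"validation failure <(\S+) (\S+) (\S+)>: (.*)$")

# Sample input abridged from the output quoted in the message above.
PLAIN = (";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29562\n"
         ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n")
WITH_CD = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59237\n"
           ";; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1\n")
LOG = ("Nov 4 15:51:34 mailer unbound: [17795:1] info: validation failure "
       "<lipsofsuna.org. A IN>: DS got unsigned CNAME answer from 10.5.0.3 "
       "and 10.5.0.3 for DS lipsofsuna.org. while building chain of trust")


def parse_dig(text):
    """Return (status, set of header flags) for one dig response."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found")
    return status.group(1), set(flags.group(1).split())


def classify(plain, with_cd):
    """Compare the same query sent without and with +cdflag (hypothetical labels)."""
    s1, f1 = parse_dig(plain)
    s2, f2 = parse_dig(with_cd)
    if "cd" not in f2:
        raise ValueError("second response does not carry the cd flag")
    if s1 == "SERVFAIL" and s2 == "NOERROR":
        return "validation-failure"    # data is reachable, the validator rejects it
    if s1 == "SERVFAIL" and s2 == "SERVFAIL":
        return "resolution-failure"    # fails even with checking disabled
    if s1 == s2:
        return "validated" if "ad" in f1 else "not-validated"
    return "inconsistent"


def parse_log(line):
    """Split an Unbound 'validation failure' log line into its fields."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"name": m.group(1), "type": m.group(2),
            "class": m.group(3), "reason": m.group(4)}


if __name__ == "__main__":
    print(classify(PLAIN, WITH_CD), parse_log(LOG)["reason"])
```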