-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Andreas,
The trouble is that bind does not respond with the correct response to the query for the DS. Unbound can do nothing but fail the query. (Thank you for the validation error line and those dig outputs, that really helps!). > and Bind 9.7 (10.5.0.3) point of view > ; <<>> DiG 9.4.2-P2.1 <<>> @10.5.0.3 +dnssec +cdflag lipsofsuna.org DS > ;; QUESTION SECTION: > ;lipsofsuna.org. IN DS > ;; ANSWER SECTION: > lipsofsuna.org. 468 IN CNAME vhost.sourceforge.net. > ;; AUTHORITY SECTION: > sourceforge.net. 84 IN SOA ns-1.ch3.sourceforge.com. > hostmaster.corp.sourceforge.com. 2010110300 14400 1800 604800 3600 > > Unbound is configured to use the Bind 9.7 at 10.5.0.3 as Forwarder. > Where is the problem so unbound does not validate it? > This response should have contained the NSEC3s and their RRSIGs that came with the referral from .org. It seems to be an error in Bind 9.7. As a consolation, unbound has the same error, which I have just fixed in svn (r2335). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzUIz4ACgkQkDLqNwOhpPhBdgCgrNxH+YIqoviZRygpmfwbVVLZ w94AoLEGMCxj4jFkkYRYuxOc/TGC6/Aq =fKy1 -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
