On Mon, 10 Jan 2011, W.C.A. Wijngaards wrote:

What was the query that servfailed?

There was nothing that servfailed, that was the point.

I can see in the logs that it is
retrying xelerance.org queries (for A, AAAA and type RRSIG).  Because
type RRSIG cannot be validated, you may have received a reply for that one.

Yes, I digged specifically for xelerance.org

Could it be that your (Mac?) tried to fail over to another DNS server

no. It was Fedora Linux, resolv.conf not used at all

even though you did not want that?  What you say about resolv.conf makes
this unlikely, and you did a straight dig @127.0.0.1, I guess.

Yes.

I always restarted unbound fully.

Good to know.

I did capture the logs, mailed to you offlist.

Thanks!

Did you notice these lines:
remote control failed ssl crypto error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Looks like some garbage connection to the unbound-control port.

I might have made some unbound-control command errors. I don't remember.

It looks like you have a downstream validator, and this unbound does not
have a lot of trust anchors?

It just had the root key.

It has trust anchors, right?  I can see
you editing trust anchor config earlier in the logs.

Yes, I had some syntax errors before I finally had the syntax right :)


The downstream
validator seems to make DNSKEY and RRSIG queries.  And I see a lot of
retries (due to DNSSEC failures?).

I guess?

These logs are confusing, I see they are log level 4 or 5 or so, but
they are missing stuff (such as the configured trust anchors printout at
start).

I grepped for "unbound". I'll check the logs and see if some lines do not
contain that string.

Paul
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
