Vladimír ?unát wrote:- >Are you sure that you used the latest version? (5.4.4, a month old) >Bug details: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1237
Thanks. Embarrassingly I was running 5.4.2, and an upgrade to 5.4.4 has (obviously!) fixed the issue in Knot Resolver. Out of interest, updating the lab (which tries to use "out of the box" configs, but with DNSSEC validation, of standard packages), also upgraded:- Bind 9.11.26-4.el8_4 to 9.11.26-6.el8 Unbound 1.7.3-15.el8 to 1.7.3-17.el8 after which Unbound could resolve it, but Bind continued to return SERVFAIL. Viktor Dukhovni wrote:- >The more likely source of trouble can be seen by clickin on the "Errors" >button: > > aws.amazon.com zone: The server(s) did not respond authoritatively for the > namespace. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, > 52.19.138.45, 52.86.96.73) > aws.amazon.com/CNAME: The Authoritative Answer (AA) flag was not set in > the response. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, > 52.19.138.45, 52.86.96.73, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN) > console.aws.amazon.com zone: The server(s) did not respond authoritatively > for the namespace. (34.196.62.143, 52.9.140.222, 52.9.146.37, 52.16.221.207, > 52.19.138.45, 52.86.96.73) > us-east-1.console.aws.amazon.com zone: The server(s) did not respond > authoritatively for the namespace. (34.196.62.143, 52.9.140.222, 52.9.146.37, > 52.16.221.207, 52.19.138.45, 52.86.96.73) Ah - thank you for your ever helpful observations! -:) That suggests to me that the authoritative setup is somewhat "fragile". Do folks think that such a setup deserves to work? Or should AWS be encouraged to improve it? -- Best wishes, Matthew _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
