On Wed, 1 Jul 2009, Harish Chandra wrote:
Without DNSSec, forwarding is working fine. With DNSSec enabled (I am using DLV), forwarding fails when I forward my querries to a server that isn't dnssec enabled. The output from the log looks like this:
[1246456813] unbound[7919:0] info: verify rrset <dlv.isc.org.. DNSKEY IN> [1246456813] unbound[7919:0] debug: rrset failed to verify due to a lack of signatures
Are you running trunk? There is a bug upto 1.3.0 that caused DLV to fail.
The failure appears because of a signature mismatch. But why is validation taking place when the actual resolver can't talk dnssec? My config file looks like this:
It should fall back to non-secure. If your forwarder changes again to one that does relay dnssec information, unbound drops the cache and uses the validator again (If I understood Wouter correctly, I have not verified this myself) Paul _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
