unbound responds with status SERVFAIL for request 'dig foo.dname2.example. any +dnssec'. I think it means unbound failed to validate the data and i found such statements in log: 12-Jul-2011 09:32:51.666 info: no signer, using <foo.dname2.example. TYPE0 CLASS0> would it be 'example' the signer instead of 'foo.dname2.example'?
here is the response for request with cd bit set $ dig foo.dname2.example. any @10.53.0.8 +cdflag ; <<>> DiG 9.7.3 <<>> foo.dname2.example. any @10.53.0.8 +cdflag ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40226 ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 7, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;foo.dname2.example. IN ANY ;; ANSWER SECTION: dname2.example. 300 IN DNAME dname2-target.example. dname2.example. 300 IN RRSIG DNAME 3 2 300 20110811002909 20110712002909 41604 example. BKfBYKdcGieT+EEIGl2vilfsl7egcmfvQsLgAwEhp1vQPJTxkNNJ6BM= foo.dname2.example. 0 IN CNAME foo.dname2-target.example. foo.dname2-target.example. 300 IN TXT "testing dname" foo.dname2-target.example. 300 IN RRSIG TXT 3 3 300 20110811002909 20110712002909 41604 example. BAXpPonMvpx/Dyw/z0UP9DwYiLWlrffj9zJF7V7kfxpLF7X/mTftZWE= foo.dname2-target.example. 3600 IN NSEC dynamic.example. TXT RRSIG NSEC foo.dname2-target.example. 3600 IN RRSIG NSEC 3 3 3600 20110811002909 20110712002909 41604 example. BFyRlAUY3vBL2E7JEyezzaxjgBoycn0M5ZXJ8vRxa7suQi7cnoo6Z1s= ;; AUTHORITY SECTION: example. 300 IN NS ns2.example. example. 300 IN NS ns3.example. ;; ADDITIONAL SECTION: ns2.example. 300 IN A 10.53.0.2 ns3.example. 300 IN A 10.53.0.3 ;; Query time: 92 msec ;; SERVER: 10.53.0.8#53(10.53.0.8) ;; WHEN: Tue Jul 12 09:38:11 2011 ;; MSG SIZE rcvd: 474 _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
