On 16/12/2011 19:32, Mike Cardwell wrote:
> Can anyone explain what is going on with the domain matt.io? I'm
> running Unbound 1.4.9 and have it set up to do DNSSEC validation.
> "dig matt.io" SERVFAIL's, however "dig +cd matt.io" works fine.
> This domain doesn't have DNSSEC on it though... I also noticed that
> when I attempt to look up the NS records, all it returns is a
> CNAME. Is that valid?
>
> Is matt.io's DNS configuration broken, or is Unbound broken?
Hi Mike,

The DNS setup of matt.io is broken. They've made the well-known mistake
of mixing a CNAME record with other records:

; <<>> DiG 9.7.3-P3 <<>> +norec ns matt.io @DNS1.NAME-SERVICES.COM
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17082
;; flags: qr aa; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 5

;; QUESTION SECTION:
;matt.io.                       IN      NS

;; ANSWER SECTION:
matt.io.                1800    IN      CNAME   eb.blagomatic.com.
matt.io.                3600    IN      NS      dns1.name-services.com.
matt.io.                3600    IN      NS      dns2.name-services.com.
matt.io.                3600    IN      NS      dns3.name-services.com.
matt.io.                3600    IN      NS      dns4.name-services.com.
matt.io.                3600    IN      NS      dns5.name-services.com.

Regards,

Anand Buddhdev
RIPE NCC
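The misconfiguration identified in the reply above (a CNAME sharing an owner name with other records, which RFC 1034 section 3.6.2 forbids) can be checked for mechanically. The following is an added example, not part of the original thread: it parses dig-style answer lines and reports owner names that mix CNAME with other types. The function names, the RRSIG/NSEC allowance (per RFC 4035) and the `www.example.test` records are assumptions made for the illustration.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME in a signed zone (RFC 4035).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}

def parse_records(dig_text):
    """Yield (owner, rrtype, rdata) from dig/zone-file style record lines."""
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # dig comments and the question line
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        # TTL and class are optional in presentation format; skip them if present.
        if rest and rest[0].isdigit():
            rest = rest[1:]
        if rest and rest[0].upper() in CLASSES:
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper(), " ".join(rest[1:])

def cname_conflicts(dig_text):
    """Return {owner: sorted other types} for names that mix CNAME with other data."""
    types_by_owner = defaultdict(set)
    for owner, rrtype, _ in parse_records(dig_text):
        types_by_owner[owner].add(rrtype)
    conflicts = {}
    for owner, types in types_by_owner.items():
        if "CNAME" in types:
            extra = types - {"CNAME"} - ALLOWED_WITH_CNAME
            if extra:
                conflicts[owner] = sorted(extra)
    return conflicts

# Records from the answer section quoted in the thread, plus one constructed
# well-formed signed name (www.example.test) for contrast.
SAMPLE = """\
;; ANSWER SECTION:
matt.io.  1800 IN CNAME eb.blagomatic.com.
matt.io.  3600 IN NS dns1.name-services.com.
matt.io.  3600 IN NS dns2.name-services.com.
www.example.test. 300 IN CNAME host.example.test.
www.example.test. 300 IN RRSIG CNAME 8 3 300 (constructed, truncated)
"""

if __name__ == "__main__":
    for owner, extra in cname_conflicts(SAMPLE).items():
        print(f"{owner}: CNAME coexists with {', '.join(extra)}")
```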
