On 17/12/11 00:04, Anand Buddhdev wrote: >> Can anyone explain what is going on with the domain matt.io? I'm >> running Unbound 1.4.9 and have it set up to do DNSSEC validation. >> "dig matt.io" SERVFAIL's, however "dig +cd matt.io" works fine. >> This domain doesn't have DNSSEC on it though... I also noticed that >> when I attempt to look up the NS records, all it returns is a >> CNAME. Is that valid? >> >> Is matt.io's DNS configuration broken, or is Unbound broken? > > The DNS setup of matt.io is broken. They've made the well-known > mistake of mixing a CNAME record with other records:
Ah, I see. I'll contact him and let him know. Can anyone explain why these two results differ for me? mike@server:~$ dig +short ns matt.io mike@server:~$ dig +short +cd ns matt.io eb.blagomatic.com. mike@server:~$ I understand that his zone is broken, but why does that make Unbound return a different response depending on whether or not DNSSEC is enabled? He might have noticed this problem earlier if Unbound refused to return an address even with DNSSEC disabled... -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
