Op 12/02/2013 om 13:57:45 +0000, schreef Jan Komissar (jkomissa): > The address of ip-lookup.resrepublic.nl. is 192.168.30.150, which is a > private address. Did you set the 'private-address' configuration setting to > disallow private addresses? >
Argh! You are completely right. I was focussing on DNSSEC validation because of the 'no signatures' log from unbound. Thanks! > > -----Original Message----- > > From: [email protected] [mailto:unbound-users- > > [email protected]] On Behalf Of Leo Baltus > > Sent: Tuesday, February 12, 2013 5:06 AM > > To: [email protected] > > Subject: [Unbound-users] Hunting down validation failure > > > > Hi, > > > > We are running unbound-1.4.19 (ldns-1.6.16) now for 2 weeks and we > > received out first complaint about a domain which we cannot explain: > > > > > > Feb 12 09:32:48 idgit13 unbound: [19974:3] info: validation failure > > <ip-lookup.resrepublic.nl. A IN>: no signatures from > > 2001:14a0:100:6::53 Feb 12 09:33:36 idgit14 unbound: [30373:2] info: > > validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from > > 2a01:7c8:a::53 Feb 12 09:37:08 idgit13 unbound: [19974:2] info: > > validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from > > 80.69.67.67 Feb 12 09:45:57 idgit13 unbound: [19974:1] info: validation > > failure <ip-lookup.resrepublic.nl. A IN>: no signatures from > > 217.115.203.194 Feb 12 09:46:28 idgit14 unbound: [30373:1] info: > > validation failure <ip-lookup.resrepublic.nl. A IN>: no signatures from > > 80.69.69.69 Feb 12 10:16:28 idgit13 unbound: [19974:3] info: validation > > failure <ip-lookup.resrepublic.nl. A IN>: no signatures from > > 2a01:7c8:b::53 > > > > Hower using drill (ldns-1.6.16): > > $ drill -DT -k root.key ip-lookup.resrepublic.nl > > > > ;; No DNSKEY record found for ip-lookup.resrepublic.nl. > > [T] ip-lookup.resrepublic.nl. 3600 IN A 192.168.30.150 > > > > Because of firewall-restrictions and the unability to bind() drill to > > an interface I am unable to run drill from the same machine as unbound > > is running, it is also compiled on a slightly different version of > > fedora. > > > > Could somebody please explain what is going on? > > > > -- > > Leo Baltus, internetbeheerder /\ > > NPO ICT Internet Services /NPO/\ > > Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \ /\/ > > [email protected], 035-6773555 \/ > > _______________________________________________ > > Unbound-users mailing list > > [email protected] > > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users -- Leo Baltus, internetbeheerder /\ NPO ICT Internet Services /NPO/\ Sumatralaan 45, 1217 GP Hilversum, Filmcentrum, west \ /\/ [email protected], 035-6773555 \/ _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
