On 28/06/13 15:20, Phil Mayers wrote:
On 28/06/13 14:47, Ehren Hawks wrote:
Their Unbound server fails just as mine do, but their BIND server
returns the A record. I’m reluctant to disable DNSSEC validation over
this one domain, considering there appears to be an actual problem.
Considering BIND as well as Google’s public DNS are validating this site
OK I figured it was worth bringing up.
Any feedback is appreciated!
It's working for me from here (bind 9.9, DNSSEC-validating). They might
have fixed it - try flushing your cache or restarting unbound.
Just to add, it looks like they may have moved to NSEC3 recently. I've
seen big problems when sites do this - lots of people seem to forget
that changing key algorithms is a KSK rollover and comes with very tight
TTL constraints; I note the TTLs on the DNSKEY in-zone are 86400. I bet
they got over-keen and resigned too quickly.
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
