-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Alan,
You log stops just when it gets interesting - what it does with the NSEC3 response to a DLV lookup for your DLV repository. But anyway, I can see why it fails. Unbound only supports DLV with NSEC, so that it can do aggressive negative caching with that. It has not implemented the mandatory aggressive negative DLV caching for NSEC3. You should change your private dlv repository and sign it with NSEC. Best regards, Wouter On 03/28/2014 10:53 AM, Alan Jurcic wrote: > On 27.03.14 at 16:40, W.C.A. Wijngaards wrote: >> >> Can you provide details logs about what happens when you query >> carnet.hr and get SERVFAIL? Like, with verbosity 4, >> val-log-level: 2. That should also printout a reason for the >> servfail in the logs. If it works for bind, then the bug must be >> in unbound. >> > > Wouter, > > Complete log for the unsigned domain query can be found here: > http://pastebin.com/CBSM4pEz > > It looks like unbound behaves differently for DLV trust anchor. It > expects DNSSEC and when it receives NXDOMAIN for DLV query the > result is an error and SERVFAIL to the user. > > Cheers, > > Alan > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTNUhmAAoJEJ9vHC1+BF+NSVsP/3dPqH/SKsw5npgmaTj8IcYZ tbrU7Y7YR/5yWF2jIF4ZPthutlmyUksVEm213b2KPXt95myLhtoO1oGyOGnDTgaY lyMLtpvrwj6fyO7huTArUoqRjGRbQgEDFue9TQT12HjcS2FKOgKU7WUH5btO+bOx jMYaRyvi5+MVVJbOiUIH2tEO7VwZvhodOhX6lCJ+b+zm6qUXhNnew/WnmklhtptT XjPFajCRMzxpbmuU/tAFSemHwxidBMSY9pq7SBry2MUhhZMoCOsB0BPY6rKVc3tA +u6IwQjy/GatUcFb7RMAnsUY1OBGvRU/ZuftyCvitAQPVFf3GlLMuWKw826xLsET hf0X7K9Zw0dpieeVMuljIYCJ5vB4he6kohWCAK8L9hqedkzVzQtvINI49XBPWGJ7 CaaycnIXiDy1bUrn7u5Qihmyd30IMToVzUelKLipd/wqZ3PO7AprNnR46D3TeWQr 3pHk9GRMwWdwQ10pnPQ73bchm+PpEjAhopk/8Vpweg4KpBDLV5esD67BS2r8TasD M8tq7DoJ95gLivyQ6wJitbNBuzH6eSEbFLirtrr8kcu34AmOQG1vur6fUsfObPmO 3dY6l1ITbvieslUEGYapOUS5NwUnwF7997Fz1f9nw6YGf7g9VP+/nLfHZ9cBxQ6V 592qoac4Nb1UZ6eYcxpL =/ZLF -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
