-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Shmick,
On 07/31/2014 05:18 PM, [email protected] wrote: > > > > TXT IN>: no NSEC3 closest encloser from 127.0.0.1 for DS > host.example.com. > > > could i have some advice about this concerning my domain and what > it could potentially mean ? Unbound received an invalid DNSSEC packet from the authority server. It is missing an NSEC3 record (it indicates which one). > i recently signed my zone with a different algorithm; now signing > zone with NSEC3RSASHA1 i receive this error I guess something went wrong with new signed zone and that NSEC3 RR is missing from the zone, or, your authority server software fails to include that NSEC3 RR in the response. Since the authority server software used to work previously, I would guess the signer is at fault, given you said you were working with that. If you run unbound (or unbound-host) with verbosity 4 (with unbound-host -dddd) then it prints out the packet that it receives in a dig-style output format; that is exactly the packet that is the error. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJT2zz2AAoJEJ9vHC1+BF+NhEEQAKIPcXbbke6eYKX2/Aa2DsSW SpJkUq/DNKGsEngr275FHJfSn3T8T7sogGiBl2HgEn3l7tSicOkx/sDBwh0v9SzC CBldHYsY2up2+bkT/qlX+QtxKBzFOxdzY1g40N61+jBv12aMgUvApcmyFaJDxkEb uSgOZ2TJ8L1rgpwH0IXot6J0y/ny/Q7Ug9iEEMDBL1KhypM+woe5dnTNhi65g8S+ rOwbDQKujV6Wg+4nRsWFlT2MRG9Mg5RDpCZsoThQs8ezpw1aF6wKlO1RAZ6DJ/jW xGl7prxUfhfHVG5lbb6OWRSE657tqzuYwGAHKwxDRPz9YLkXBTF2967cUpDqk8WW B52xf7fg4E2/z0QIK7ffEegbROg3td4wJtSekTiuEHUR8ji8pnwH8raFdiCTONtE V7ot3TAljrMWeuVtwjVwuQz/o5Wgq4JmhzxKJYBTcpDydOK1mE5cqrvru7ruDF4T qLTaPHEL4TAFuBYJWKEgCpb1Y47YIJIM2r9oXEedPC3PtPp3MUpizeJ/P0OJsCVN B9IJw62X837jStsblPfbkHmOG+R/z6RV9HwwDbN1K3hrS5R46IS9l+PKq35V3DF2 CHcKjGmiPpfamqXzCf0jYPVoiUsXDVPxumXZVC5rUXJ/gPmg6XlwfqG2SF6ypf3g +SpibFMBVHyiRikvyXG3 =AfbK -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
