On Wed, Mar 02, 2016 at 08:45:11 -0500, Casey Deccio wrote: > On Wed, Mar 2, 2016 at 6:39 AM, Olav Morken via Unbound-users < > [email protected]> wrote: > > > sorry for the rather longwinded email. In the interest of saving some > > time, here is a short summary: > > > > > Hi Olav, > > Would mind trying the DNSViz command-line tool [1] against the resolvers to > see if anything shows up? After install, run: > > dnsviz probe -s x.x.x.x pingapi.paas.uninett.no | dnsviz grok -plwarning > dnsviz probe -s x.x.x.x pingapi.paas.uninett.no | dnsviz graph -Thtml -O > > (substitute x.x.x.x for the BIND and unbound resolvers, in turn) > > I'm curious if anything shows up there.
Unfortunately, the BIND server only tends to return responses where the authority-section has NS-records but no RRSIG-record during the night. I suspect it has something to do with traffic levels and what other systems are accessing it. It makes it all a bit hard to troubleshoot. The main source of information for troubleshooting has been a combination of PCAP-files and log files. I have grabbed a capture from the Unbound resolver that I have attached to this email. If I ever happen to catch the BIND resolver having this behavior, I'll try to catch the output from it as well, but I won't make any promises. The output of `dnsviz -grok -plwarning` only contains: > Analyzing pingapi.paas.uninett.no > Analyzing paas.uninett.no > Analyzing uninett.no > Analyzing no > Analyzing . > Analyzing paas-lb.uninett.no The HTML output from the DNSViz on the Unbound server is available here: https://uninett.box.com/s/3uz8fz7055oe788yrf0en3dmx651eyg1 (Changed from an attachment due to size restrictions on the list.) Best regards, Olav Morken UNINETT / Feide
