Hello Ananad, and all, >www.facebook.com $ dig @127.0.0.1 -t A www.facebook.com
; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 -t A www.facebook.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38917 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: a18d9ed2a6d1bcd6010000005fb982763dfdafed174d4ef1 (good) ;; QUESTION SECTION: ;www.facebook.com. IN A ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Nov 21 15:11:18 CST 2020 ;; MSG SIZE rcvd: 73 > Your instance of BIND is probably logging to syslog. Look for these logs > (usually /var/log/messages), and see what BIND is logging. It may shed a > light on the problem. Thank you. I enabled logging and when I grep for www.facebook.com , I notice the following output from four different log files named. debug.log:21-Nov-2020 15:11:18.004 queries: info: client @0x7fb6a800c0a0 127.0.0.1#33706 (www.facebook.com): query: www.facebook.com IN A +E(0)K (127.0.0.1) default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706 (www.facebook.com): query failed (broken trust chain) for www.facebook.com/IN/A at query.c:6883 dnssec.log:21-Nov-2020 15:11:18.008 validating www.facebook.com/CNAME: bad cache hit (com/DS) lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving ' www.facebook.com/A/IN': 129.134.31.12#53 Before running this query I also added dnssec-validation auto; to the options file and restarted the bind9 service. It's pointing to a broken trust chain which I am unsure how to resolve. Thanks, Upen On Sat, Nov 21, 2020 at 3:11 PM Anand Buddhdev <ana...@ripe.net> wrote: > On 21/11/2020 21:53, upen wrote: > > Hi Upen, > > > Could you someone guide me to troubleshoot this further? Thank you for > the > > list. > > Your instance of BIND is probably logging to syslog. Look for these logs > (usually /var/log/messages), and see what BIND is logging. It may shed a > light on the problem. > > Regards, > Anand > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- upen, emerge -uD life (Upgrade Life with dependencies)
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
