On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote:
> .../...
> default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706
> (www.facebook.com): query failed (broken trust chain) for
> www.facebook.com/IN/A at query.c:6883
> dnssec.log:21-Nov-2020 15:11:18.008 validating www.face
Also, just for testing. Similar happened to me. Try with ‘dnssec-validation no;’
From: bind-users on behalf of julien soula
Sent: Sunday, November 22, 2020 9:31:56 AM
To: upen
Cc: bind-users@lists.isc.org ; BIND Users
Subject: Re: Servfail on Bind -9.16.1
On
On Sun, Nov 22, 2020 at 8:14 AM Ismael Suarez
wrote:
> Also, just for testing. Similar happened to me. Try with
> ‘dnssec-validation no;’
Thank you Ismael, you are right .
The resolution worked after setting ^^^
So to answer Julien also I believe +nodnsdec in the dig would have helped
with res
On Sun, Nov 22, 2020 at 8:14 AM Ismael Suarez
wrote:
Also, just for testing. Similar happened to me. Try with
‘dnssec-validation no;’
On 22.11.20 09:05, upen wrote:
Thank you Ismael, you are right .
The resolution worked after setting ^^^
So to answer Julien also I believe +nodnsdec in the
On Sun, Nov 22, 2020 at 9:35 AM Matus UHLAR - fantomas
wrote:
> >On Sun, Nov 22, 2020 at 8:14 AM Ismael Suarez
> >wrote:
>
> >> Also, just for testing. Similar happened to me. Try with
> >> ‘dnssec-validation no;’
>
> On 22.11.20 09:05, upen wrote:
> >Thank you Ismael, you are right .
> >The res
Ok. Lets start by debugging this from the trust anchor downwards.
Lets see what "dig +dnssec +cd dnskey .” returns. It should return
something like below with 2 DNSKEY records and a RRSIG for the DNSKEY.
The RRSIG is regenerated daily so it will likely differ. The DNSKEY
records should be a exac
Hi Mark and everyone,
Thank you for continuing to help me.
I have set DNS validation to auto from no and restarted the bind9 service.
# egrep dnssec-validation /etc/bind/named.conf.options
dnssec-validation auto;
#dig +dnssec +cd dnskey .
; <<>> DiG 9.16.1-Ubuntu <<>> +dnssec +cd dnskey
I've been getting two identical copies of recent posts to this list
(such as this item). This only started happening in the past 24 hours
or so. Is anyone else seeing this?
Upon examination of the headers of the two copies, it looks like ISC's
list-servers are doing the duplication.
(The first p
> On 23 Nov 2020, at 13:37, upen wrote:
>
> Hi Mark and everyone,
>
> Thank you for continuing to help me.
> I have set DNS validation to auto from no and restarted the bind9 service.
>
> # egrep dnssec-validation /etc/bind/named.conf.options
> dnssec-validation auto;
>
> #dig +dnss
On Sun, 2020-11-22 at 21:56 -0500, Paul Kosinski via bind-users wrote:
> I've been getting two identical copies of recent posts to this list...
Me too, but it's because of people hitting reply-all thinking that they
are replying to the list and the poster. People really need to verify
who they ar
Hello,
Thank you.
1. DS record for com
#dig DS com +dnssec
; <<>> DiG 9.16.1-Ubuntu <<>> DS com +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14029
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
;
11 matches
Mail list logo
