[Unbound-users] DLV anchor and unsigned domains

Alan Jurcic Alan.Jurcic at CARNet.hr
Fri Mar 28 09:53:52 UTC 2014


On 27.03.14 at 16:40, W.C.A. Wijngaards wrote:
> 
> Can you provide details logs about what happens when you query
> carnet.hr and get SERVFAIL?  Like, with verbosity 4, val-log-level: 2.
>  That should also printout a reason for the servfail in the logs.  If
> it works for bind, then the bug must be in unbound.
> 

Wouter,

Complete log for the unsigned domain query can be found here: http://pastebin.com/CBSM4pEz

It looks like unbound behaves differently for DLV trust anchor. It expects DNSSEC and when 
it receives NXDOMAIN for DLV query the result is an error and SERVFAIL to the user.

Cheers,

Alan



More information about the Unbound-users mailing list