wildcard dnssec test fails

Paul Wouters paul at nohats.ca
Thu Dec 14 05:03:58 UTC 2017


On Thu, 14 Dec 2017, Sebastian Schmidt via Unbound-users wrote:

> I’ve unbound setup on FreeBSD 11.1 and I can’t figure out why "drill www.wilda.nsec.0skar.cz" gives SERVFAIL. The domain is from this (http://0skar.cz/dns/en) test site where it reports
> three failures (2a, 2b and 4). Any help would be appreciated.

It does not fail for me:

$ dig www.wilda.nsec.0skar.cz

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> www.wilda.nsec.0skar.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18098
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.wilda.nsec.0skar.cz.	IN	A

;; ANSWER SECTION:
www.wilda.nsec.0skar.cz. 300	IN	CNAME	flexi.oskarcz.net.
flexi.oskarcz.net.	3599	IN	A	85.239.227.179

Is your unbound configured to use another DNS as forwarder? There are
some older known bugs that fail in some corner cases with older
forwarders.

Paul



More information about the Unbound-users mailing list