Paul Niemi
2015-01-06 21:10:27 UTC
Hello,
We are an ISP, and experiencing an issue looking up "packagist.org", with
unbound version 1.4.17 on Debian linux When we have DNSSEC enabled (our
normal configuration), and make a query for "packagist.org", we get a reply
that it does not exist (NXDOMAIN). If we disable the DNSSEC, by commenting
the "auto-trust-anchor-file" line in the config, then the query is
successful. We tried turning up the logging verbosity, but we am not sure
what all is going on in the log. Does anyone have any insight into what is
going on here, or what I should be looking for in the log? We have tried
against some other open DNS servers (Google, OpenDNS) and the query is
successful there, as well. It just seems to be our unbound DNS server with
DNSSEC enabled, that fails.
Thank you,
Paul
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this email. Please notify the sender
immediately by e-mail if you have received this email by mistake and delete
this e-mail from your system. If you are not the intended recipient you are
notified that disclosing, copying, distributing or taking any action in
reliance on the contents of this information is strictly prohibited.
We are an ISP, and experiencing an issue looking up "packagist.org", with
unbound version 1.4.17 on Debian linux When we have DNSSEC enabled (our
normal configuration), and make a query for "packagist.org", we get a reply
that it does not exist (NXDOMAIN). If we disable the DNSSEC, by commenting
the "auto-trust-anchor-file" line in the config, then the query is
successful. We tried turning up the logging verbosity, but we am not sure
what all is going on in the log. Does anyone have any insight into what is
going on here, or what I should be looking for in the log? We have tried
against some other open DNS servers (Google, OpenDNS) and the query is
successful there, as well. It just seems to be our unbound DNS server with
DNSSEC enabled, that fails.
Thank you,
Paul
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this email. Please notify the sender
immediately by e-mail if you have received this email by mistake and delete
this e-mail from your system. If you are not the intended recipient you are
notified that disclosing, copying, distributing or taking any action in
reliance on the contents of this information is strictly prohibited.