DNSSEC external validation issues
Mark Andrews
marka at isc.org
Sun Nov 13 20:40:35 UTC 2011
Fix your normal DNS before attempting to turn on DNSSEC. The NS
RRset is inconsistent between the .ORG zone and zone itself.
n1.bonsi.org ns1.name.com
n2.bonsi.org vs ns2.name.com
n1.name.com ns3.name.com
n2.name.com ns4.name.com
Only two of the 4 servers listed in the .ORG zone are willing to
answer queries for me. n1.bonsi.org and ns1.bonsi.org return
REFUSED.
marka% dig bonsi.org +norec @63.200.45.19
; <<>> DiG 9.6-ESV-R4-P3 <<>> bonsi.org +norec @63.200.45.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 42627
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bonsi.org. IN A
;; Query time: 184 msec
;; SERVER: 63.200.45.19#53(63.200.45.19)
;; WHEN: Mon Nov 14 07:31:59 2011
;; MSG SIZE rcvd: 27
marka%
In message <4EBF1458.4040108 at pacbell.net>, Eduardo Bonsi writes:
> I am trying to DNSSEC validate my external zone bonsi.org but I am
> hitting a wall here. This is my first time trying to validate DNSSEC
> with some obvious frustration. Maybe some one can point me what I am
> failing to do here. Thanks!
>
> The external zone has been signed using the Algorithm: 5 (RSASHA1):
> Here is the public key:
>
> bonsi.org. IN DNSKEY 257 3 5
> AwEAAeAzIIujd7iu+pGOhvSzHHkakbyVorVAeZC1IS9AIWL2jk4v8HWo
> fuHaAMfAJyBnnr+lIWnMWzZSkdI6ustf+z1WTC5Es9f+kFsLpljRTr8G
> cktr1XsbIPyZcfgbky5mrVU2qCaLmv9RhMyQHM2iNyyCXt8M/sefkpLo vt0LIdoL
>
> I entered the public key at the https://dlv.isc.org and I got the
>
> dlv.bonsi.org. 0 IN TXT "DLV:1:iedlibqenpcj"
>
> Then I entered the dlv at the registry parent as a text.
>
> My ds records are:
> bonsi.org. IN DS 3781 5 1
> 886BED13B937E26572BC606BB7B6D1A13600A794
> bonsi.org. IN DS 3781 5 2
> 014FFAA1A1FF3DDDFBC784BBD6C9D0BFF4B1274F27E5A9DD3414BF5F 2792C444
>
> When I tried to enter the ds records in the dnssec section at my registry:
>
> Key Tag: 3781
> Algorithm: 5
> Digest Type: 1
> Max Sig Life (optional):
> Digest:
> 886BED13B937E26572BC606BB7B6D1A13600A794
>
> I got this warning log:
>
> ERROR: Parameter value range error
>
> No supported DNSKEY records were found in DNS. This usually means that
> your name servers are not properly configured for DNSSEC.
>
> No DNSSEC records were found at the registry. This means that your
> domain is not properly configured for DNSSEC.
>
>
> ...and at the dlv.isc.org I got "Servers Unreachable" in their logs.
>
> Here are the dlv.isc.org logs:
>
> 0.000:INFO Started: Fri Nov 11 23:56:47 +0000 2011
> 0.000:INFO RUN: Using TCP for all queries
> 0.119:DEBUG RUN: Got referral
> 0.127:DEBUG RUN: org. 172800 IN NS a0.org.afilias-nst.info.
> 0.127:DEBUG RUN: org. 172800 IN NS a2.org.afilias-nst.info.
> 0.127:DEBUG RUN: org. 172800 IN NS b0.org.afilias-nst.org.
> 0.127:DEBUG RUN: org. 172800 IN NS b2.org.afilias-nst.org.
> 0.127:DEBUG RUN: org. 172800 IN NS c0.org.afilias-nst.info.
> 0.127:DEBUG RUN: org. 172800 IN NS d0.org.afilias-nst.org.
> 0.128:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> a0.org.afilias-nst.info A
> 0.138:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> a0.org.afilias-nst.info A NOERROR
> 0.139:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> a0.org.afilias-nst.info AAAA
> 0.148:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> a0.org.afilias-nst.info AAAA NOERROR
> 0.148:DEBUG RUN GET_ADDRESSES: Caching address for
> a0.org.afilias-nst.info => 199.19.56.1, 2001:500:E::1
> 0.227:DEBUG RUN: Enqueued query 1 to 199.19.56.1 for bonsi.org DNSKEY
> 0.305:DEBUG RUN: Enqueued query 2 to 2001:500:E::1 for bonsi.org DNSKEY
> 0.305:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> a2.org.afilias-nst.info A
> 0.314:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> a2.org.afilias-nst.info A NOERROR
> 0.314:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> a2.org.afilias-nst.info AAAA
> 0.323:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> a2.org.afilias-nst.info AAAA NOERROR
> 0.324:DEBUG RUN GET_ADDRESSES: Caching address for
> a2.org.afilias-nst.info => 199.249.112.1, 2001:500:40::1
> 0.327:DEBUG RUN: Enqueued query 3 to 199.249.112.1 for bonsi.org DNSKEY
> 0.331:DEBUG RUN: Enqueued query 4 to 2001:500:40::1 for bonsi.org DNSKEY
> 0.331:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> b0.org.afilias-nst.org A
> 0.340:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> b0.org.afilias-nst.org A NOERROR
> 0.341:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> b0.org.afilias-nst.org AAAA
> 0.349:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> b0.org.afilias-nst.org AAAA NOERROR
> 0.350:DEBUG RUN GET_ADDRESSES: Caching address for
> b0.org.afilias-nst.org => 199.19.54.1, 2001:500:C::1
> 0.429:DEBUG RUN: Enqueued query 5 to 199.19.54.1 for bonsi.org DNSKEY
> 0.566:DEBUG RUN: Enqueued query 6 to 2001:500:C::1 for bonsi.org DNSKEY
> 0.566:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> b2.org.afilias-nst.org A
> 0.623:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> b2.org.afilias-nst.org A NOERROR
> 0.623:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> b2.org.afilias-nst.org AAAA
> 0.632:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> b2.org.afilias-nst.org AAAA NOERROR
> 0.633:DEBUG RUN GET_ADDRESSES: Caching address for
> b2.org.afilias-nst.org => 199.249.120.1, 2001:500:48::1
> 0.728:DEBUG RUN: Enqueued query 7 to 199.249.120.1 for bonsi.org DNSKEY
> 0.903:DEBUG RUN: Enqueued query 8 to 2001:500:48::1 for bonsi.org DNSKEY
> 0.903:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> c0.org.afilias-nst.info A
> 0.953:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> c0.org.afilias-nst.info A NOERROR
> 0.954:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> c0.org.afilias-nst.info AAAA
> 0.963:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> c0.org.afilias-nst.info AAAA NOERROR
> 0.963:DEBUG RUN GET_ADDRESSES: Caching address for
> c0.org.afilias-nst.info => 199.19.53.1, 2001:500:B::1
> 1.034:DEBUG RUN: Enqueued query 9 to 199.19.53.1 for bonsi.org DNSKEY
> 1.136:DEBUG RUN: Enqueued query 10 to 2001:500:B::1 for bonsi.org DNSKEY
> 1.136:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> d0.org.afilias-nst.org A
> 1.145:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> d0.org.afilias-nst.org A NOERROR
> 1.146:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> d0.org.afilias-nst.org AAAA
> 1.154:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> d0.org.afilias-nst.org AAAA NOERROR
> 1.155:DEBUG RUN GET_ADDRESSES: Caching address for
> d0.org.afilias-nst.org => 199.19.57.1, 2001:500:F::1
> 1.315:DEBUG RUN: Enqueued query 11 to 199.19.57.1 for bonsi.org DNSKEY
> 1.340:DEBUG RUN: Enqueued query 12 to 2001:500:F::1 for bonsi.org DNSKEY
> 1.340:DEBUG RUN: Got activity for 3, from 199.249.112.1
> 1.340:DEBUG RUN: Got referral
> 1.349:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 1.349:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 1.349:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 1.349:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 1.350:DEBUG RUN GET_ADDRESSES: Sending a recursive query for ns1.name.com A
> 1.443:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns1.name.com A NOERROR
> 1.444:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> ns1.name.com AAAA
> 1.459:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns1.name.com AAAA NOERROR
> 1.459:DEBUG RUN GET_ADDRESSES: Caching address for ns1.name.com =>
> 184.173.68.159, 2607:F0D0:1101:16F::2
> 1.561:DEBUG RUN: Enqueued query 13 to 184.173.68.159 for bonsi.org DNSKEY
> 1.627:DEBUG RUN: Enqueued query 14 to 2607:F0D0:1101:16F::2 for
> bonsi.org DNSKEY
> 1.627:DEBUG RUN GET_ADDRESSES: Sending a recursive query for ns1.bonsi.org A
> 1.778:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns1.bonsi.org A NOERROR
> 1.779:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> ns1.bonsi.org AAAA
> 1.883:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns1.bonsi.org AAAA NOERROR
> 1.883:DEBUG RUN GET_ADDRESSES: Caching address for ns1.bonsi.org =>
> 63.200.45.18
> 1.903:DEBUG RUN: Enqueued query 15 to 63.200.45.18 for bonsi.org DNSKEY
> 1.903:DEBUG RUN GET_ADDRESSES: Sending a recursive query for ns2.name.com A
> 1.908:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns2.name.com A NOERROR
> 1.909:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> ns2.name.com AAAA
> 1.912:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns2.name.com AAAA NOERROR
> 1.912:DEBUG RUN GET_ADDRESSES: Caching address for ns2.name.com =>
> 81.95.148.170
> 2.055:DEBUG RUN: Enqueued query 16 to 81.95.148.170 for bonsi.org DNSKEY
> 2.055:DEBUG RUN GET_ADDRESSES: Sending a recursive query for ns2.bonsi.org A
> 2.126:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns2.bonsi.org A NOERROR
> 2.127:DEBUG RUN GET_ADDRESSES: Sending a recursive query for
> ns2.bonsi.org AAAA
> 2.195:DEBUG RUN GET_ADDRESSES: Got response for recursive query
> ns2.bonsi.org AAAA NOERROR
> 2.196:DEBUG RUN GET_ADDRESSES: Caching address for ns2.bonsi.org =>
> 63.200.45.19
> 2.214:DEBUG RUN: Enqueued query 17 to 63.200.45.19 for bonsi.org DNSKEY
> 2.214:DEBUG RUN: Got activity for 4, from 2001:500:40::1
> 2.214:DEBUG RUN: Got referral
> 2.223:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.223:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.223:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.223:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.223:DEBUG RUN: Already have 184.173.68.159 queued
> 2.223:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.224:DEBUG RUN: Already have 63.200.45.18 queued
> 2.224:DEBUG RUN: Already have 81.95.148.170 queued
> 2.224:DEBUG RUN: Already have 63.200.45.19 queued
> 2.224:DEBUG RUN: Got activity for 1, from 199.19.56.1
> 2.224:DEBUG RUN: Got referral
> 2.233:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.233:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.233:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.233:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.233:DEBUG RUN: Already have 184.173.68.159 queued
> 2.233:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.234:DEBUG RUN: Already have 63.200.45.18 queued
> 2.234:DEBUG RUN: Already have 63.200.45.19 queued
> 2.234:DEBUG RUN: Already have 81.95.148.170 queued
> 2.234:DEBUG RUN: Got activity for 2, from 2001:500:E::1
> 2.234:DEBUG RUN: Got referral
> 2.243:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.243:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.243:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.243:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.243:DEBUG RUN: Already have 63.200.45.19 queued
> 2.243:DEBUG RUN: Already have 63.200.45.18 queued
> 2.243:DEBUG RUN: Already have 184.173.68.159 queued
> 2.244:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.244:DEBUG RUN: Already have 81.95.148.170 queued
> 2.244:DEBUG RUN: Got activity for 5, from 199.19.54.1
> 2.244:DEBUG RUN: Got referral
> 2.255:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.255:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.255:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.255:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.255:DEBUG RUN: Already have 81.95.148.170 queued
> 2.255:DEBUG RUN: Already have 63.200.45.18 queued
> 2.256:DEBUG RUN: Already have 184.173.68.159 queued
> 2.256:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.256:DEBUG RUN: Already have 63.200.45.19 queued
> 2.256:DEBUG RUN: Got activity for 7, from 199.249.120.1
> 2.256:DEBUG RUN: Got referral
> 2.265:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.265:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.265:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.265:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.265:DEBUG RUN: Already have 184.173.68.159 queued
> 2.265:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.265:DEBUG RUN: Already have 63.200.45.18 queued
> 2.265:DEBUG RUN: Already have 81.95.148.170 queued
> 2.265:DEBUG RUN: Already have 63.200.45.19 queued
> 2.265:DEBUG RUN: Got activity for 9, from 199.19.53.1
> 2.266:DEBUG RUN: Got referral
> 2.275:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.275:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.275:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.275:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.275:DEBUG RUN: Already have 63.200.45.19 queued
> 2.275:DEBUG RUN: Already have 81.95.148.170 queued
> 2.275:DEBUG RUN: Already have 63.200.45.18 queued
> 2.275:DEBUG RUN: Already have 184.173.68.159 queued
> 2.275:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.275:DEBUG RUN: Got activity for 10, from 2001:500:B::1
> 2.275:DEBUG RUN: Got referral
> 2.284:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.284:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.284:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.284:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.284:DEBUG RUN: Already have 184.173.68.159 queued
> 2.284:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.285:DEBUG RUN: Already have 81.95.148.170 queued
> 2.285:DEBUG RUN: Already have 63.200.45.18 queued
> 2.285:DEBUG RUN: Already have 63.200.45.19 queued
> 2.285:DEBUG RUN: Got activity for 12, from 2001:500:F::1
> 2.285:DEBUG RUN: Got referral
> 2.294:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.294:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.294:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.294:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.294:DEBUG RUN: Already have 81.95.148.170 queued
> 2.294:DEBUG RUN: Already have 63.200.45.18 queued
> 2.294:DEBUG RUN: Already have 63.200.45.19 queued
> 2.295:DEBUG RUN: Already have 184.173.68.159 queued
> 2.295:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.295:DEBUG RUN: Got activity for 8, from 2001:500:48::1
> 2.295:DEBUG RUN: Got referral
> 2.304:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.304:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.304:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.304:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.304:DEBUG RUN: Already have 184.173.68.159 queued
> 2.304:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.304:DEBUG RUN: Already have 63.200.45.18 queued
> 2.304:DEBUG RUN: Already have 81.95.148.170 queued
> 2.304:DEBUG RUN: Already have 63.200.45.19 queued
> 2.304:DEBUG RUN: Got activity for 11, from 199.19.57.1
> 2.304:DEBUG RUN: Got referral
> 2.313:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 2.313:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 2.313:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 2.313:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 2.313:DEBUG RUN: Already have 81.95.148.170 queued
> 2.314:DEBUG RUN: Already have 63.200.45.19 queued
> 2.314:DEBUG RUN: Already have 63.200.45.18 queued
> 2.314:DEBUG RUN: Already have 184.173.68.159 queued
> 2.314:DEBUG RUN: Already have 2607:F0D0:1101:16F::2 queued
> 2.314:DEBUG RUN: Got activity for 13, from 184.173.68.159
> 2.314:DEBUG RUN: Found answer from 184.173.68.159
> 2.314:WARNING RUN: No DNSKEY records found by server 184.173.68.159
> 2.314:WARNING RUN: ;; Answer received from 184.173.68.159 ( bytes)
> ;;:
> ;; Security Level : UNCHECKED
> ;; HEADER SECTION:
> ;; id = 23945:
> ;; qr = true opcode = Query aa = true tc = false rd = false:
> ;; ra = false ad = false cd = false rcode = NOERROR:
> ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0:
> :
> ;; QUESTION SECTION (1 record):
> ;; bonsi.org. IN DNSKEY:
> 2.315:DEBUG RUN: Got activity for 14, from 2607:F0D0:1101:16F::2
> 2.315:DEBUG RUN: Found answer from 2607:F0D0:1101:16F::2
> 2.315:WARNING RUN: No DNSKEY records found by server 2607:F0D0:1101:16F::2
> 2.315:WARNING RUN: ;; Answer received from 2607:F0D0:1101:16F::2 ( bytes)
> ;;:
> ;; Security Level : UNCHECKED
> ;; HEADER SECTION:
> ;; id = 39726:
> ;; qr = true opcode = Query aa = true tc = false rd = false:
> ;; ra = false ad = false cd = false rcode = NOERROR:
> ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0:
> :
> ;; QUESTION SECTION (1 record):
> ;; bonsi.org. IN DNSKEY:
> 2.315:DEBUG RUN: Got activity for 15, from 63.200.45.18
> 2.315:DEBUG RUN: 63.200.45.18 failed: Dnsruby::Refused
> 2.315:DEBUG RUN: Got activity for 17, from 63.200.45.19
> 2.315:DEBUG RUN: 63.200.45.19 failed: Dnsruby::Refused
> 2.580:DEBUG RUN: Got activity for 16, from 81.95.148.170
> 2.580:DEBUG RUN: Found answer from 81.95.148.170
> 2.580:WARNING RUN: No DNSKEY records found by server 81.95.148.170
> 2.580:WARNING RUN: ;; Answer received from 81.95.148.170 ( bytes)
> ;;:
> ;; Security Level : UNCHECKED
> ;; HEADER SECTION:
> ;; id = 19178:
> ;; qr = true opcode = Query aa = true tc = false rd = false:
> ;; ra = false ad = false cd = false rcode = NOERROR:
> ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0:
> :
> ;; QUESTION SECTION (1 record):
> ;; bonsi.org. IN DNSKEY:
> 11.353:DEBUG RUN: Got activity for 6, from 2001:500:C::1
> 11.353:DEBUG RUN: Got referral
> 11.362:DEBUG RUN: bonsi.org. 86400 IN NS ns1.name.com.
> 11.362:DEBUG RUN: bonsi.org. 86400 IN NS ns2.name.com.
> 11.362:DEBUG RUN: bonsi.org. 86400 IN NS ns2.bonsi.org.
> 11.362:DEBUG RUN: bonsi.org. 86400 IN NS ns1.bonsi.org.
> 11.426:DEBUG RUN: Enqueued query 18 to 184.173.68.159 for bonsi.org DNSKEY
> 11.491:DEBUG RUN: Enqueued query 19 to 2607:F0D0:1101:16F::2 for
> bonsi.org DNSKEY
> 11.634:DEBUG RUN: Enqueued query 20 to 81.95.148.170 for bonsi.org DNSKEY
> 11.651:DEBUG RUN: Enqueued query 21 to 63.200.45.19 for bonsi.org DNSKEY
> 11.670:DEBUG RUN: Enqueued query 22 to 63.200.45.18 for bonsi.org DNSKEY
> 11.684:DEBUG RUN: Got activity for 21, from 63.200.45.19
> 11.684:DEBUG RUN: 63.200.45.19 failed: Dnsruby::Refused
> 11.707:DEBUG RUN: Got activity for 22, from 63.200.45.18
> 11.707:DEBUG RUN: 63.200.45.18 failed: Dnsruby::Refused
> 11.712:DEBUG RUN: Got activity for 18, from 184.173.68.159
> 11.712:DEBUG RUN: Found answer from 184.173.68.159
> 11.712:WARNING RUN: No DNSKEY records found by server 184.173.68.159
> 11.713:WARNING RUN: ;; Answer received from 184.173.68.159 ( bytes)
> ;;:
> ;; Security Level : UNCHECKED
> ;; HEADER SECTION:
> ;; id = 3495:
> ;; qr = true opcode = Query aa = true tc = false rd = false:
> ;; ra = false ad = false cd = false rcode = NOERROR:
> ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0:
> :
> ;; QUESTION SECTION (1 record):
> ;; bonsi.org. IN DNSKEY:
> 11.779:DEBUG RUN: Got activity for 19, from 2607:F0D0:1101:16F::2
> 11.779:DEBUG RUN: Found answer from 2607:F0D0:1101:16F::2
> 11.779:WARNING RUN: No DNSKEY records found by server 2607:F0D0:1101:16F::2
> 11.779:WARNING RUN: ;; Answer received from 2607:F0D0:1101:16F::2 ( bytes)
> ;;:
> ;; Security Level : UNCHECKED
> ;; HEADER SECTION:
> ;; id = 52525:
> ;; qr = true opcode = Query aa = true tc = false rd = false:
> ;; ra = false ad = false cd = false rcode = NOERROR:
> ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0:
> :
> ;; QUESTION SECTION (1 record):
> ;; bonsi.org. IN DNSKEY:
> 12.156:DEBUG RUN: Got activity for 20, from 81.95.148.170
> 12.156:DEBUG RUN: Found answer from 81.95.148.170
> 12.156:WARNING RUN: No DNSKEY records found by server 81.95.148.170
> 12.156:WARNING RUN: ;; Answer received from 81.95.148.170 ( bytes)
> ;;:
> ;; Security Level : UNCHECKED
> ;; HEADER SECTION:
> ;; id = 20596:
> ;; qr = true opcode = Query aa = true tc = false rd = false:
> ;; ra = false ad = false cd = false rcode = NOERROR:
> ;; qdcount = 1 ancount = 0 nscount = 0 arcount = 0:
> :
> ;; QUESTION SECTION (1 record):
> ;; bonsi.org. IN DNSKEY:
> 12.156:INFO Total answers: 0
> 12.156:FAILURE No answers.
> 12.156:FINAL_FAILURE FAILURE
>
>
>
>
> --
> BEARTCOMMUNICATIONS
> Eduardo Bonsi
> System - Network Admin
> beartcom at pacbell.net
> webmaster at beart.com
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list