Servfail on Bind -9.16.1

upen upendra.gandhi at gmail.com
Sun Nov 22 15:05:04 UTC 2020 

On Sun, Nov 22, 2020 at 8:14 AM Ismael Suarez <Ismael_Suarez at coqui.com>
wrote:

> Also, just for testing. Similar happened to me. Try with
> ‘dnssec-validation no;’


Thank you Ismael, you are right .
The resolution worked after setting ^^^

So to answer Julien also I believe +nodnsdec in the dig would have helped
with resolution.

So validation is not working it seems . What could be reason for that? Is
something wrong on my configuration or network that the dnssec validation
can not be used in my configuration.

I can set to auto again and run dig +trace if that will help
troubleshooting further why validation may not be working. I’m unsure if
this is expected or something could be wrong somewhere on my end /network .

Thank you again everyone ,
Ups








> ________________________________
> From: bind-users <bind-users-bounces at lists.isc.org> on behalf of julien
> soula <julien.soula at univ-lille.fr>
> Sent: Sunday, November 22, 2020 9:31:56 AM
> To: upen <upendra.gandhi at gmail.com>
> Cc: bind-users at lists.isc.org <bind-users at lists.isc.org>; BIND Users <
> bind-users at isc.org>
> Subject: Re: Servfail on Bind -9.16.1
>
> On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote:
> > .../...
> > default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0
> 127.0.0.1#33706
> > (www.facebook.com<http://www.facebook.com>): query failed (broken trust
> chain) for
> > www.facebook.com/IN/A<http://www.facebook.com/IN/A> at query.c:6883
> > dnssec.log:21-Nov-2020 15:11:18.008 validating www.facebook.com/CNAME:<
> http://www.facebook.com/CNAME:> bad
> > cache hit (com/DS)
> > lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving '
> > www.facebook.com/A/IN':<http://www.facebook.com/A/IN':> 129.134.31.12#53
>
> it seems to be an error in dnssec. So I suppose that "dig +nodnssec
> ...." works.
>
> May be "dig +trace facebook.com" will give you more hints.
>
> sincerly,
> --
> Julien
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-- 
upen,
emerge -uD life (Upgrade Life with dependencies)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20201122/3c74c0eb/attachment-0002.htm>

More information about the bind-users mailing list