Date: Thu, 13 Jan 2022 10:42:36 +0100 From: Tomasz CEDRO <tomek@cedro.info> To: Tim Daneliuk <tundra@tundraware.com> Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: FreeBSD Trust Chain Message-ID: <CAM8r67B%2BBQC1j1TUHOebjrS56xh-DYKRE952xUO96fC4_dgRug@mail.gmail.com> In-Reply-To: <76433042-3807-4d9a-fca6-7c394e602866@tundraware.com> References: <20220113034748.8646A34B2207@ary.qy> <76433042-3807-4d9a-fca6-7c394e602866@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 13, 2022 at 5:04 AM Tim Daneliuk wrote:
>
> On 1/12/22 9:47 PM, John Levine wrote:
> > . 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1502433573 ;;Fri Aug 11 02:39:33 2017
>
>
> Thanks, we're still digging into this. It may well not be a DNSSEC issue
> at all. We've disabled DNSSEC checking and are still seeing issue.
>
> This is starting to look like Comcast Business preventing our servers
> from doing direct recursion via the root servers. i.e. We have to
> use forwarders to resolve anything outside our own domain reliably.
>
> It's weird, without forwarders, and with a clean cache, some names
> resolve and some don't. If we add 1.1.1.1 as a forwarder
> everything seems to work OK.
Do you use local_unbound? Some people (including me) recently noticed
resolve problems with local_unbound when using local LAN dns servers
(i.e. 192.168.0.1) on a desktop machine, when using external dns only
for local_unbound all seems to work fine, when using that local LAN
resolver directly without local_unbound also all seems to work fine.
Looks a bit similar issue somewhere out there maybe? :-)
--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM8r67B%2BBQC1j1TUHOebjrS56xh-DYKRE952xUO96fC4_dgRug>