Date: Mon, 27 Jul 2020 17:19:57 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 248239] local_unbound: Fails to resolve europris.no fail after 11.3->11.4 upgrade
Message-ID: <bug-248239-7501-sWDcmZn0Da@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248239

Chris Hutchinson <portmaster@bsdforge.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |portmaster@bsdforge.com

--- Comment #14 from Chris Hutchinson <portmaster@bsdforge.com> ---
Unless the version of unbound I'm running is newer than the version
in question. The answer I get is correct:

# head -n3 unbound.log | grep start
Jan 26 11:11:58 unbound[63414:0] info: start of service (unbound 1.7.3).

# drill -v
drill version 1.6.17 (ldns version 1.6.17)
Written by NLnet Labs.

Copyright (c) 2004-2008 NLnet Labs.
Licensed under the revised BSD license.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# drill -TD europris.no.
;; Number of trusted keys: 1
;; Domain: .
[T] . 172800 IN DNSKEY 256 3 8 ;{id = 46594 (zsk), size = 2048b}
. 172800 IN DNSKEY 257 3 8 ;{id = 20326 (ksk), size = 2048b}
Checking if signing key is trusted:
New key: . 172800 IN DNSKEY 256 3 8 <LONG-HASH> ;{id = 46594 (zsk), size = 2048b}
Trusted key: . 172800 IN DNSKEY 257 3 8 <LONG-HASH> ;{id = 20326 (ksk), size = 2048b}
Trusted key: . 172800 IN DNSKEY 256 3 8 <LONG-HASH> ;{id = 46594 (zsk), size = 2048b}
Key is now trusted!
Trusted key: . 172800 IN DNSKEY 257 3 8 <LONG-HASH> ;{id = 20326 (ksk), size = 2048b}
[T] no. 86400 IN DS 29471 8 2 <LONG-HASH>
;; Domain: no.
[T] no. 3600 IN DNSKEY 257 3 8 ;{id = 29471 (ksk), size = 2048b}
no. 3600 IN DNSKEY 256 3 8 ;{id = 35961 (zsk), size = 1024b}
Checking if signing key is trusted:
New key: no. 3600 IN DNSKEY 256 3 8 <LONG-HASH> ;{id = 35961 (zsk), size = 1024b}
Trusted key: . 172800 IN DNSKEY 257 3 8 <LONG-HASH> ;{id = 20326 (ksk), size = 2048b}
Trusted key: . 172800 IN DNSKEY 256 3 8 <LONG-HASH> ;{id = 46594 (zsk), size = 2048b}
Trusted key: . 172800 IN DNSKEY 257 3 8 <LONG-HASH> ;{id = 20326 (ksk), size = 2048b}
Trusted key: no. 3600 IN DNSKEY 257 3 8 <LONG-HASH> ;{id = 29471 (ksk), size = 2048b}
Trusted key: no. 3600 IN DNSKEY 256 3 8 <LONG-HASH> ;{id = 35961 (zsk), size = 1024b}
Key is now trusted!
[T] europris.no. 7200 IN DS 25323 15 2 <LONG-HASH>
europris.no. 7200 IN DS 25323 15 4 <LONG-HASH>
;; Domain: europris.no.
;; Signature ok but no chain to a trusted key or ds record
[S] europris.no. 3600 IN DNSKEY 256 3 13 ;{id = 14997 (zsk), size = 256b}
europris.no. 3600 IN DNSKEY 257 3 15 ;{id = 25323 (ksk), size = 0b}
europris.no. 3600 IN DNSKEY 256 3 15 ;{id = 39946 (zsk), size = 0b}
europris.no. 3600 IN DNSKEY 257 3 13 ;{id = 46820 (ksk), size = 256b}
[S] europris.no. 3600 IN A 194.63.248.52
;;[S] self sig OK; [B] bogus; [T] trusted

OTOH in any case the real solution (if required) would be from
the (unbound) developer(s). With a WARN (from @secteam) as necessary
to those affected, in the meantime.

--Chris

--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.