Date: Mon, 27 Jul 2020 17:52:29 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 248239] local_unbound: Fails to resolve europris.no fail after 11.3->11.4 upgrade Message-ID: <bug-248239-7501-xCW5XB9QB8@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-248239-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D248239 --- Comment #15 from Viktor Dukhovni <ietf-dane@dukhovni.org> --- Comment on attachment 216796 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D216796 Drill -DT The drill output you provide shows everything working correctly: >$ drill -DT www.europris.no ;; Number of trusted keys: 1 ;; Domain: . >[T] . 172800 IN DNSKEY 257 3 8 ;{id =3D 20326 (ksk), size =3D 2048b} > . 172800 IN DNSKEY 256 3 8 ;{id =3D 46594 (zsk), size =3D 2048b} Check= ing if signing key is trusted: >New key: . 172800 IN DNSKEY 256 3 8 <blob> ;{id =3D 46594 (zsk= ), size =3D 2048b} > Trusted key: . 172800 IN DNSKEY 257 3 8 <blob> ;{id =3D 20= 326 (ksk), size =3D 2048b} > Trusted key: . 172800 IN DNSKEY 257 3 8 <blob> ;{id =3D 20= 326 (ksk), size =3D 2048b} > Trusted key: . 172800 IN DNSKEY 256 3 8 <blob> ;{id =3D 46= 594 (zsk), size =3D 2048b} >Key is now trusted! >[T] no. 86400 IN DS 29471 8 2 <blob> >;; Domain: no. >[T] no. 3600 IN DNSKEY 256 3 8 ;{id =3D 35961 (zsk), size =3D 1024b} > no. 3600 IN DNSKEY 257 3 8 ;{id =3D 29471 (ksk), size =3D 2048b} Check= ing if signing key is trusted: >New key: no. 3600 IN DNSKEY 256 3 8 <blob> ;{id =3D 35961 (zsk= ), size =3D 1024b} > Trusted key: . 172800 IN DNSKEY 257 3 8 <blob> ;{id =3D 20= 326 (ksk), size =3D 2048b} > Trusted key: . 172800 IN DNSKEY 257 3 8 <blob> ;{id =3D 20= 326 (ksk), size =3D 2048b} > Trusted key: . 172800 IN DNSKEY 256 3 8 <blob> ;{id =3D 46= 594 (zsk), size =3D 2048b} > Trusted key: no. 3600 IN DNSKEY 256 3 8 <blob> ;{i= d =3D 35961 (zsk), size =3D 1024b} >Key is now trusted! > Trusted key: no. 3600 IN DNSKEY 257 3 8 <blob> ;{i= d =3D 29471 (ksk), size =3D 2048b} >[T] europris.no. 7200 IN DS 25323 15 2 <blob> >europris.no. 7200 IN DS 25323 15 4 <blob> >;; Domain: europris.no. >;; Signature ok but no chain to a trusted key or ds record >[S] europris.no. 3600 IN DNSKEY 256 3 15 ;{id =3D 39946 (zsk), size =3D 0b} > europris.no. 3600 IN DNSKEY 257 3 13 ;{id =3D 46820 (ksk), size =3D 25= 6b} > europris.no. 3600 IN DNSKEY 257 3 15 ;{id =3D 25323 (ksk), size =3D 0b} > europris.no. 3600 IN DNSKEY 256 3 13 ;{id =3D 14997 (zsk), size =3D 25= 6b} >;; No DS for www.europris.no. >;; No ds record for delegation The DS algorithm is not supported, so it is treated as absent, and the DNSK= EY RRset is reported as self-signed[S]. >;; Domain: www.europris.no. >;; No DNSKEY record found for www.europris.no. >[U] No data found for: www.europris.no. type A >;;[S] self sig OK; [B] bogus; [T] trusted There are apparently no A records for www.europris.no, though there is a CN= AME record: www.europris.no. IN CNAME m2-varnish-production-1583682531.eu-west-1.elb.amazonaws.com. www.europris.no. IN RRSIG CNAME 13 3 300 20200822020208 20200723020208 14= 997 europris.no. <blob> www.europris.no. IN RRSIG CNAME 15 3 300 20200822020208 20200723020208 39= 946 europris.no. <blob> It appears that "drill -D -T <domain>" does not report the CNAME or A recor= ds, while "drill -D" or "drill -T" alone do. I see no issue here. --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-248239-7501-xCW5XB9QB8>