From owner-freebsd-pkg@freebsd.org  Sat May  1 23:05:52 2021
Return-Path: <owner-freebsd-pkg@freebsd.org>
Delivered-To: freebsd-pkg@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 804B663BF34
 for <freebsd-pkg@mailman.nyi.freebsd.org>;
 Sat,  1 May 2021 23:05:52 +0000 (UTC)
 (envelope-from rainer@ultra-secure.de)
Received: from connect.ultra-secure.de (connect.ultra-secure.de
 [88.198.71.201])
 by mx1.freebsd.org (Postfix) with ESMTP id 4FXlG62l5Jz3HCH;
 Sat,  1 May 2021 23:05:49 +0000 (UTC)
 (envelope-from rainer@ultra-secure.de)
Received: (Haraka outbound); Sun, 02 May 2021 01:05:56 +0200
Received-SPF: SoftFail (connect.ultra-secure.de: domain of ultra-secure.de
 does not designate 217.71.83.52 as permitted sender)
 receiver=connect.ultra-secure.de; identity=mailfrom; client-ip=217.71.83.52;
 helo=smtpclient.apple; envelope-from=<rainer@ultra-secure.de>
Received-SPF: None (connect.ultra-secure.de: domain of smtpclient.apple does
 not designate 217.71.83.52 as permitted sender)
 receiver=connect.ultra-secure.de; identity=helo; client-ip=217.71.83.52;
 helo=smtpclient.apple; envelope-from=<rainer@ultra-secure.de>
Received: from smtpclient.apple (217-071-083-052.ip-tech.ch [217.71.83.52])
 by connect.ultra-secure.de (Haraka/2.6.2-toaster) with ESMTPSA id
 E1F1DDAA-655B-413A-8A9F-71992773E8C2.1
 envelope-from <rainer@ultra-secure.de> (authenticated bits=0);
 Sun, 02 May 2021 01:05:54 +0200
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.43\))
Subject: Re: DNSSEC Errors on geo.freebsd.org
From: Rainer Duffner <rainer@ultra-secure.de>
In-Reply-To: <0a0c01d73ece$22f1dc60$68d59520$@uname.at>
Date: Sun, 2 May 2021 01:05:38 +0200
Cc: freebsd-pkg@freebsd.org,
 dnsadm@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD0CA45E-A45D-4103-8AF3-A9759C079BE1@ultra-secure.de>
References: <0a0c01d73ece$22f1dc60$68d59520$@uname.at>
To: patrick.prugger@uname.at
X-Mailer: Apple Mail (2.3654.80.0.2.43)
X-Haraka-GeoIP: EU, CH, 451km
X-Haraka-ASN: 24951
X-Haraka-GeoIP-Received: 217.71.83.52:CH
X-Haraka-ASN: 24951 217.71.80.0/20
X-Haraka-ASN-CYMRU: asn=24951 net=217.71.80.0/20 country=CH assignor=ripencc
 date=2003-08-07
X-Haraka-FCrDNS: 217-071-083-052.ip-tech.ch
X-Haraka-p0f: os="Mac OS X " link_type="DSL" distance=16 total_conn=1
 shared_ip=N
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on spamassassin
X-Spam-Level: 
X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 SPF_HELO_NONE,SPF_SOFTFAIL,URIBL_BLOCKED autolearn=no autolearn_force=no
 version=3.4.1
X-Haraka-Karma: score: 6, good: 17541, bad: 613, connections: 19866,
 history: 16928, asn_score: 1523, asn_connections: 1704, asn_good: 1561,
 asn_bad: 38, pass:asn, relaying
X-Rspamd-Queue-Id: 4FXlG62l5Jz3HCH
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of rainer@ultra-secure.de designates
 88.198.71.201 as permitted sender) smtp.mailfrom=rainer@ultra-secure.de
X-Spamd-Result: default: False [-0.72 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];
 MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+mx];
 MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[88.198.71.201:from];
 DMARC_NA(0.00)[ultra-secure.de];
 SPAMHAUS_ZRD(0.00)[88.198.71.201:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_SHORT(0.98)[0.982];
 NEURAL_HAM_LONG(-1.00)[-1.000];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RCVD_NO_TLS_LAST(0.10)[];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:24940, ipnet:88.198.0.0/16, country:DE];
 RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-pkg]
X-BeenThere: freebsd-pkg@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Binary package management and package tools discussion
 <freebsd-pkg.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pkg>,
 <mailto:freebsd-pkg-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pkg/>
List-Post: <mailto:freebsd-pkg@freebsd.org>
List-Help: <mailto:freebsd-pkg-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pkg>,
 <mailto:freebsd-pkg-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 01 May 2021 23:05:52 -0000



> Am 01.05.2021 um 23:08 schrieb patrick.prugger--- via freebsd-pkg =
<freebsd-pkg@freebsd.org>:
>=20
> Hello everyone!
>=20
> I just turned on DNSSEC validation on my DNS and it came to my eye =
that pkg
> now doesn't work anymore.
> Pkg is trying to access http://pkgmir.geo.freebsd.org/ to download de
> repository catalogue.
>=20
> Unfortunately it seems freebsd.org is signed with DNSSEC, but
> geo.freebsd.org isn't which leads to a DNSSEC error, broken chain of =
trust.
> For a diagram look here:
> https://dnsviz.net/d/pkgmir.geo.freebsd.org/dnssec/
>=20
> Does anyone here have a contact to the maintainers of the freebsd.org =
DNS
> zone?
>=20

https://www.freebsd.org/administration/#t-dnsadm