Date: Tue, 15 Mar 2016 15:55:10 +0100
From: Andrea Brancatelli <abrancatelli@schema31.it>
To: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
Cc: freebsd-stable@freebsd.org
Subject: Re: Problems with unbound
Message-ID: <e7b93ecb3ba1e1213033cabe507b4847@schema31.it>
In-Reply-To: <alpine.BSF.2.20.1603151338550.1010@mail.fig.ol.no>
References: <f7856f2cc504efd0449091308a97f339@schema31.it> <alpine.BSF.2.20.1603151338550.1010@mail.fig.ol.no>

Hi,

the machine is connected "directly enough" (it's in a datacenter) to safely exclude point 1. How can I check it with tcpdump or whatever?

For point 2 I have the same exact problem adding OpenDNS in forward.conf, so I'd exclude it too.

I have an interesting and funny input tho: the problem happens only when resolving *.freebsd.org but doesn't happen when I try to resolve, for example, www.google.com [1].

I already know you won't be believing me (eheh), so here's a snippet:

root@dbengine-ent-rm-01:/var/unbound # service local_unbound restart
Stopping local_unbound.
Waiting for PIDS: 52156.
Starting local_unbound.

root@dbengine-ent-rm-01:/var/unbound # cat /etc/unbound/unbound.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf

root@dbengine-ent-rm-01:/var/unbound # host www.freebsd.org
;; connection timed out; no servers could be reached

root@dbengine-ent-rm-01:/var/unbound # host www.google.com
www.google.com has address 216.58.212.68
www.google.com has IPv6 address 2a00:1450:4002:809::2004

root@dbengine-ent-rm-01:/var/unbound # unbound-anchor -l
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5

#########

And then again:

root@dbengine-ent-rm-01:/var/unbound # cat /etc/unbound/unbound.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
#       auto-trust-anchor-file: /var/unbound/root.key

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf

root@dbengine-ent-rm-01:/var/unbound # service local_unbound restart
Stopping local_unbound.
Waiting for PIDS: 59561.
Starting local_unbound.

root@dbengine-ent-rm-01:/var/unbound # host www.freebsd.org
www.freebsd.org is an alias for wfe0.ysv.freebsd.org.
wfe0.ysv.freebsd.org has address 8.8.178.110
wfe0.ysv.freebsd.org has IPv6 address 2001:1900:2254:206a::50:0
wfe0.ysv.freebsd.org mail is handled by 0 .

root@dbengine-ent-rm-01:/var/unbound # host www.google.com
www.google.com has address 216.58.212.68
www.google.com has IPv6 address 2a00:1450:4002:809::2004

On 2016-03-15 13:42 Trond Endrestøl wrote:

> There are at least two possibilities:
>
> 1. Your ISP limits the use of DNS, in particular when DNSSEC is
>    involved, or
>
> 2. The Google DNS resolvers don't support DNSSEC.
>
> I haven't verified the latter, but I would guess Google are competent
> enough to allow DNSSEC.

Links:
------
[1] http://www.google.com
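
An added example, not part of the original message: one way to check whether DNSSEC validation is what breaks a lookup is to send the same question through the resolver twice, once normally and once with the CD (Checking Disabled) header bit set, and compare the two replies. The function names, the constructed sample reply headers and the use of plain UDP to port 53 are assumptions of this example.

```python
import socket
import struct

CD, AD = 0x0010, 0x0020          # header flags: Checking Disabled, Authentic Data
DO = 0x8000                      # EDNS0 "DNSSEC OK" flag (RFC 3225)

def build_query(name, qid, cd=False):
    """Wire-format A query with RD set, an OPT record carrying DO, and optionally CD."""
    header = struct.pack("!6H", qid, 0x0100 | (CD if cd else 0), 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    # OPT RR: root owner, type 41, class = UDP payload size, TTL field holds the DO flag
    opt = b"\0" + struct.pack("!HHIH", 41, 4096, DO, 0)
    return header + qname + struct.pack("!2H", 1, 1) + opt

def ask(server, packet, timeout=3.0):
    """Send one UDP query; return the raw reply, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(packet, (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def summarize(reply):
    """(rcode, AD flag, answer count) of a reply; None for a timeout or short reply."""
    if reply is None or len(reply) < 12:
        return None
    _, flags, _, ancount, _, _ = struct.unpack("!6H", reply[:12])
    return flags & 0x000F, bool(flags & AD), ancount

def classify(normal, with_cd):
    """Compare the same question asked with CD=0 and CD=1 through one resolver."""
    ok = lambda r: r is not None and r[0] == 0 and r[2] > 0
    if ok(normal):
        return "validated" if normal[1] else "answered, not validated"
    if ok(with_cd):
        return "validation failure"      # data is reachable, the validator rejects it
    return "not a validation problem"    # fails even with checking disabled

# Constructed 12-byte reply headers (not captured traffic): id, flags, qd, an, ns, ar
SAMPLE_SERVFAIL = struct.pack("!6H", 1, 0x8182, 1, 0, 0, 0)   # QR RD RA, rcode 2
SAMPLE_CD_ANSWER = struct.pack("!6H", 2, 0x8190, 1, 2, 0, 0)  # QR RD RA CD, 2 answers
SAMPLE_VALIDATED = struct.pack("!6H", 3, 0x81A0, 1, 1, 0, 0)  # QR RD RA AD, 1 answer
```

Against a live resolver (assumed here to listen on 127.0.0.1), pass `summarize(ask("127.0.0.1", build_query(name, 1)))` and `summarize(ask("127.0.0.1", build_query(name, 2, cd=True)))` to `classify`. A name in an unsigned zone, or any name once the trust anchor is commented out, comes back as "answered, not validated".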