message is bogus, non secure rrset with Unbound as local caching resolver
Paul Wouters
paul at nohats.ca
Wed Mar 2 15:47:13 UTC 2016
On Wed, 2 Mar 2016, Olav Morken via Unbound-users wrote:
> Unfortunately, the BIND server only tends to return responses where the
> authority-section has NS-records but no RRSIG-record during the night.
> I suspect it has something to do with traffic levels and what other
> systems are accessing it. It makes it all a bit hard to troubleshoot.
> The main source of information for troubleshooting has been a
> combination of PCAP-files and log files.
Are you sure this is not the bind wildcard bug? Can you try to resolve
something like pwouters.fedorahosted.org. That's an expanded wildcard.
If so, this is the same bug as:
https://bugzilla.redhat.com/show_bug.cgi?id=824219
We have a test for this, but I don't this dnssec-trigger has included
this test yet.
Paul
More information about the Unbound-users
mailing list