Possible bug: bogus validation result on non-existence proofs when asking for DS records (unbound 1.4.16)

Hi,

I've run into a strange result when querying for DS RRs (e.g. for
zone.nic.cz). The output of the attached script is:

Unbound version: 1.4.16
fqdn: nic.cz, status: 0, secure: 1, bogus: 0, why_bogus: None
fqdn: zone.nic.cz, status: 0, secure: 0, bogus: 1, why_bogus: validation failure <zone.nic.cz. DS IN>: nodata proof failed from 2001:678:f::1
fqdn: www.nic.cz, status: 0, secure: 0, bogus: 1, why_bogus: validation failure <www.nic.cz. DS IN>: nodata proof failed from 2001:678:1::1
fqdn: xn--mgbh0fb.xn--kgbechtv, status: 0, secure: 0, bogus: 1, why_bogus: validation failure <xn--mgbh0fb.xn--kgbechtv. DS IN>: nodata proof failed from 2001:648:2c30::1:10

The above queries via dig are OK.

Though if I query unbound running locally, I always get SERVFAIL (tried
on two machines; one had unbound 1.4.16 from the distribution, the other
I've compiled from source).

Am I missing something or is it a bug?

Ondrej

(attachments)

unbound_ds_validation_fail.py (499 Bytes)