Hi ,
I see my com zone on the other system , but I cannot configure
dnssec , and when I add the
trust anchor then my dig return servfail , my config file is like this
( I am sure that the DNSKEY is right )
:
server:
verbosity: 4
interface: 0.0.0.0
port: 53
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 allow
#access-control: 0.0.0.0/0 refuse
#access-control: 127.0.0.0/8 allow
trust-anchor: "com. IN DNSKEY 257 3 5
AwEAAbf7W22wjbzQ25cp23q4Kp7QdEOUWiPm5kDVvE2kOUYCyFUI04oI
EA2zs1i0jHfaTDxkEOQa810eqgBJQAuCyv0="
#trust-anchor-file: "/var/unbound/Kcom.db.+005+56464.key"
#trust-anchor-file: "/var/unbound/Kcom.db.+005+12993.key"
chroot: "/var/unbound"
username: "unbound"
directory: "/var/unbound"
use-syslog: yes
pidfile: "/var/run/unbound.pid"
root-hints: "/var/unbound/named.cache"
stub-zone:
name: "com"
stub-addr: 192.168.1.2
and it's the response of unbound-host : ( -d -v -r -f with the ksk address )
[1222713721] libunbound[27451:0] notice: init module 0: validator
[1222713721] libunbound[27451:0] notice: init module 1: iterator
[1222713721] libunbound[27451:0] info: resolving <com. A IN>
[1222713721] libunbound[27451:0] info: response for <com. A IN>
[1222713721] libunbound[27451:0] info: reply from <.> 192.168.1.3#53
[1222713721] libunbound[27451:0] info: query response was ANSWER
[1222713721] libunbound[27451:0] info: prime trust anchor
[1222713721] libunbound[27451:0] info: resolving <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: response for <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: reply from <.> 192.168.1.3#53
[1222713721] libunbound[27451:0] info: query response was ANSWER
[1222713721] libunbound[27451:0] info: validate keys with
anchor(DNSKEY): sec_status_bogus
[1222713721] libunbound[27451:0] info: failed to prime trust anchor --
could not fetch secure DNSKEY rrset <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: Could not establish validation
of INSECURE status of unsigned response.
com has address 192.168.1.2 (BOGUS (security failure))
[1222713721] libunbound[27451:0] info: resolving <com. AAAA IN>
[1222713721] libunbound[27451:0] info: response for <com. AAAA IN>
[1222713721] libunbound[27451:0] info: reply from <.> 192.168.1.3#53
[1222713721] libunbound[27451:0] info: query response was ANSWER
[1222713721] libunbound[27451:0] info: prime trust anchor
[1222713721] libunbound[27451:0] info: resolving <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: validate keys with
anchor(DNSKEY): sec_status_bogus
[1222713721] libunbound[27451:0] info: failed to prime trust anchor --
could not fetch secure DNSKEY rrset <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: Could not establish validation
of INSECURE status of unsigned response.
com has no IPv6 address (BOGUS (security failure))
[1222713721] libunbound[27451:0] info: resolving <com. MX IN>
[1222713721] libunbound[27451:0] info: response for <com. MX IN>
[1222713721] libunbound[27451:0] info: reply from <.> 192.168.1.3#53
[1222713721] libunbound[27451:0] info: query response was ANSWER
[1222713721] libunbound[27451:0] info: prime trust anchor
[1222713721] libunbound[27451:0] info: resolving <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: validate keys with
anchor(DNSKEY): sec_status_bogus
[1222713721] libunbound[27451:0] info: failed to prime trust anchor --
could not fetch secure DNSKEY rrset <com. DNSKEY IN>
[1222713721] libunbound[27451:0] info: Could not establish validation
of INSECURE status of unsigned response.
com mail is handled by 10 shahab.com. (BOGUS (security failure))
thank you very much.