You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The rest of the config parameters have their default values.
I send a request to resolve the domain ww.gonzaga.org (Note that there is an error in the URL). I receive the following response:
Expected behavior
The expected behavior is that in the second query for www.gonzaga.org, this domain should be resolved as indicated above when DNSSEC is not enabled, instead of returning NXDOMAIN.
System:
Unbound version: 1.16.2
OS: FreeBSD 13.0 (also happens in Ubuntu 22.04.1)
unbound -V output:
Version 1.16.2
Configure line:
Linked libs: mini-event internal (it uses select), OpenSSL 1.1.1m 14 Dec 2021
Linked modules: dns64 respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
Additional information
Add any other information that you may have gathered about the issue here.
The text was updated successfully, but these errors were encountered:
I can't reproduce here as I get answers on both queries (with DNSSEC; ww of course returns NXDOMAIN).
The only problem that I see is that onmessage.whipplehillsites.com returns NXDOMAIN and that would prevent resolution if both
Not sure why DNSSEC does not work for you; maybe you are getting different answers in your network?
Could it be that the answer you are getting messes up with the NSEC chain and aggressive-nsec: yes (default) concludes that there is no www subdomain? That matches with the observation that you see no outgoing traffic for the second query. In that case you could try with aggressive-nsec: no.
Also increasing verbosity to 4 and trying the same steps could give more insight.
Describe the bug
I have Unbound with DNSSEC installed. In the configuration I only enabled the option:
auto-trust-anchor-file: /usr/local/etc/unbound/root/anchor/root.key
The rest of the config parameters have their default values.
I send a request to resolve the domain ww.gonzaga.org (Note that there is an error in the URL). I receive the following response:
This is correct because the URL was wrong and the domain doesn't exist.
But now if I try to resolve the correct domain (www.gonzaga.org), I receive the same response although in this case the domain exists:
I have checked with tcpdump that Unbound is using the cached value from the first query I've made, although I am trying to resolve a different domain.
When DNSSEC is not configured in this second case I see the correct response:
I have seen that if I remove the module
validator
in the configuration optionmodule-config
, the problem doesn't happen.To reproduce
Steps to reproduce the behavior:
Expected behavior
The expected behavior is that in the second query for www.gonzaga.org, this domain should be resolved as indicated above when DNSSEC is not enabled, instead of returning NXDOMAIN.
System:
unbound -V
output:Additional information
Add any other information that you may have gathered about the issue here.
The text was updated successfully, but these errors were encountered: