Hello.
On 12/12/19 10:42 AM, Milan Jeskynka Kazatel wrote:
> I would like to ask why my new version of Knot Resolver does many
> records of "DNSSEC validation failure szn-broken-dnssec.cz. DNSKEY"
Well, that domain is broken (intentionally by its owner), and you loaded
the module whose purpose is to log broken names.
> I tried to compare results with my second resolver on Unbound 1.9.4
> where I'm able to receive an answer by command #unbound-control lookup
> szn-broken-dnssec.cz
> but no answer via dig command #dig szn-broken-dnssec.cz
I'm not really knowledgeable about Unbound details, but this command is
described in --help as
  lookup <name>                 print nameservers for name
and nameservers that would be used for the lookup itself seem OK to me.
> [...] then should I be worried about this message in my log?
No, you should not.  It's unfortunate that I can't see a (currently
usable) way of detecting whether a breakage is intentional or not.
--Vladimir