Re: FreeBSD Trust Chain
- Reply: Tim Daneliuk : "Re: FreeBSD Trust Chain"
- In reply to: Tim Daneliuk : "Re: FreeBSD Trust Chain"
Date: Thu, 13 Jan 2022 09:42:36 UTC
On Thu, Jan 13, 2022 at 5:04 AM Tim Daneliuk wrote:
>
> On 1/12/22 9:47 PM, John Levine wrote:
> > . 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1502433573 ;;Fri Aug 11 02:39:33 2017
> >
>
> Thanks, we're still digging into this. It may well not be a DNSSEC issue
> at all. We've disabled DNSSEC checking and are still seeing issue.
>
> This is starting to look like Comcast Business preventing our servers
> from doing direct recursion via the root servers. i.e. We have to
> use forwarders to resolve anything outside our own domain reliably.
>
> It's weird, without forwarders, and with a clean cache, some names
> resolve and some don't. If we add 1.1.1.1 as a forwarder
> everything seems to work OK.

Do you use local_unbound?

Some people (including me) recently noticed resolve problems with local_unbound when using local LAN DNS servers (i.e. 192.168.0.1) on a desktop machine. When using external DNS only for local_unbound, all seems to work fine; when using that local LAN resolver directly without local_unbound, all also seems to work fine.

Looks like a bit of a similar issue somewhere out there maybe? :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info