how do I diagnose dnssec/unbound issues?

Paul Wouters paul at nohats.ca
Sat Jun 27 13:21:10 UTC 2015


Try using unbound-host which uses the same configuration file?

Otherwise grep the logs for unbound or possibly increase verbosity to 2 or 3 in the conf file.

If it happens again and you are comfortable with it, you can run unbound-control dump to get the full DNS cache which could tell what's going on. But you have to make it at the time of failure before TTLs expire.

You can also try: unbound-control flush for a quick fix.

Sent from my iPhone

> On Jun 27, 2015, at 00:29, Matthew Miller <mattdm at fedoraproject.org> wrote:
> 
> Okay, so... I enabled unbound and the dnssec-trigger package as
> outlined on the change page. It seems to mostly work, but, today:
> 
>  $ host www.boingboing.net  
>  Host www.boingboing.net not found: 2(SERVFAIL)
> 
>  $ host www.boingboing.net  8.8.8.8
>  Using domain server:
>  Name: 8.8.8.8
>  Address: 8.8.8.8#53
>  Aliases: 
> 
>  www.boingboing.net has address 204.11.50.136
>  $ cat /etc/resolv.conf
>  # Generated by dnssec-trigger-script
>  nameserver 127.0.0.1
> 
> How do I go about diagnosing this?
> 
> -- 
> Matthew Miller
> <mattdm at fedoraproject.org>
> Fedora Project Leader
> -- 
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
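
The steps suggested in the reply above, collected into one script so the state can be saved while the lookup is still failing. This is an added example, not part of the original thread or of unbound itself. The function names, the config path /etc/unbound/unbound.conf, and the output location are assumptions, as is having dig installed and unbound-control usable by the calling user; the cache dump uses unbound-control's dump_cache subcommand.

```shell
#!/bin/sh
# Added example: capture unbound state while a lookup is still failing.
CONF=${CONF:-/etc/unbound/unbound.conf}   # assumption: default config path
RESOLVER=${RESOLVER:-127.0.0.1}           # local unbound, per resolv.conf above

# Print the RCODE found in dig's ";; ->>HEADER<<-" line (dig output on stdin).
rcode_of() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# $1 = RCODE of the normal query, $2 = RCODE with the CD (checking disabled)
# bit set. A validator skips DNSSEC checks for CD queries, so an answer that
# only appears with +cd means validation is what failed.
classify() {
    case "$1/$2" in
        /*)                                 echo no-response ;;
        SERVFAIL/NOERROR|SERVFAIL/NXDOMAIN) echo validation-failure ;;
        SERVFAIL/*)                         echo resolution-failure ;;
        *)                                  echo no-failure ;;
    esac
}

# Save everything that disappears once TTLs expire; prints the directory.
# mktemp -d creates it mode 0700: the cache dump lists recently resolved names.
snapshot() {
    name=$1
    out=$(mktemp -d "${TMPDIR:-/tmp}/unbound-diag.XXXXXX") || return 1
    date -u > "$out/when.txt"
    dig "@$RESOLVER" "$name" A +dnssec     > "$out/dig.txt" 2>&1
    dig "@$RESOLVER" "$name" A +dnssec +cd > "$out/dig-cd.txt" 2>&1
    classify "$(rcode_of < "$out/dig.txt")" "$(rcode_of < "$out/dig-cd.txt")" \
        > "$out/verdict.txt"
    unbound-host -C "$CONF" -v "$name" > "$out/unbound-host.txt" 2>&1
    unbound-control status             > "$out/status.txt" 2>&1
    unbound-control list_forwards      > "$out/forwards.txt" 2>&1
    unbound-control dump_cache         > "$out/cache.txt" 2>&1
    echo "$out"
}

# Usage: sh unbound-snapshot.sh www.example.org   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    snapshot "$1"
fi
```

Run it before unbound-control flush, since flushing discards the cached entries the dump would have captured.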

