[MacPorts] #49264: unbound don't promote DNSSEC under El Capitan
MacPorts
noreply at macports.org
Fri Oct 23 07:39:18 PDT 2015
#49264: unbound don't promote DNSSEC under El Capitan
-----------------------+-------------------
Reporter: fritzs@… | Owner: snc@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.4
Resolution: | Keywords:
Port: unbound |
-----------------------+-------------------
Comment (by fritzs@…):
any idea what happens?
{{{
$ dig +noall +comments dnssec-failed.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33064
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
}}}
{{{
$ dig org. SOA +dnssec
; <<>> DiG 9.8.3-P1 <<>> org. SOA +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15888
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 7
}}}
http://www.unbound.net/documentation/howto_anchor.html
If you then dig com. SOA +dnssec you should see the AD flag there. If
things go wrong, try the unbound option val-log-level: 2 that will log
explanations why the DNSSEC validation fails (one line per failed query).
--
Ticket URL: <https://trac.macports.org/ticket/49264#comment:9>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list