You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While trying to get to the bottom of why unbound isn't giving any diagnostics for failed DNSSEC requests, I was led to unboundtest which wraps unbound.
An attempt to validate dnssec-failed.org doesn't contain the strings "EDE", "validation failure" or "bogus". The only indication that validation failed is the missing ad flag.
I am trying to work out if this is an unbound bug (the unbound people appear to be unaware that anything is broken), or a Redhat bug (Redhat has removed SHA1 from the OS, not sure if they broke anything in the process), or something else.
The text was updated successfully, but these errors were encountered:
While trying to get to the bottom of why unbound isn't giving any diagnostics for failed DNSSEC requests, I was led to unboundtest which wraps unbound.
Support for EDE in unboundtest was announced at https://community.letsencrypt.org/t/unboundtest-com-serving-more-informative-dnssec-error-logs/198380 but there doesn't appear to be evidence that it does anything.
An attempt to validate dnssec-failed.org doesn't contain the strings "EDE", "validation failure" or "bogus". The only indication that validation failed is the missing ad flag.
I am trying to work out if this is an unbound bug (the unbound people appear to be unaware that anything is broken), or a Redhat bug (Redhat has removed SHA1 from the OS, not sure if they broke anything in the process), or something else.
The text was updated successfully, but these errors were encountered: