OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of michael_g »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - michael_g

Pages: [1]
1
General Discussion / Re: DNSSEC -> SERVFAIL
« on: September 13, 2021, 03:37:53 pm »
Quote from: sorano on September 13, 2021, 02:34:55 pm
Yeah looks like you may have to strict DNSSEC settings since Netgear.com does not even implement DNSSEC.

Hmm, I just clicked in the UI "Enable DNSSEC Support". No manual tweaks in a configfile.

How can I find out what happens, when this checkbox is enabled? In the Section "Unbound DNS/Log File" there is no info regarding netgear.com .

Why are other domains without DNSSEC working? I'm puzzled.

2
General Discussion / DNSSEC -> SERVFAIL
« on: September 13, 2021, 11:58:01 am »
Hi,

I'm using OPNsense OPNsense 21.7.2_1-amd64 with actual patches. Unbound is running as DNS-Server for the internal LAN. When I enable DNSSEC via UI (Services/Unbound DNS/General, Checkbox "Enable DNSSEC Support") I won't get name resolution for netgear.com.

Code: [Select]
mic@WORKSTATION:~$ nslookup
> server 192.168.35.1
Default server: 192.168.35.1
Address: 192.168.35.1#53
> netgear.com
Server: 192.168.35.1
Address: 192.168.35.1#53

Non-authoritative answer:
Name: netgear.com
Address: 13.248.140.194
Name: netgear.com
Address: 76.223.14.31
> netgear.com
Server: 192.168.35.1
Address: 192.168.35.1#53

** server can't find netgear.com: SERVFAIL
>
First test in the upper sample is with disabled DNSSEC, second one with DNSSEC enabled.

Other domains work without problems.

So the question is: is it netgear.com doing things wrong, or is the problem on my side?

Thx for any help, Michael

3
German - Deutsch / Re: DNSSEC -> SERVFAIL
« on: September 09, 2021, 12:09:14 pm »
Hallo Heiko,

Quote from: hsiewert on September 09, 2021, 11:22:50 am
Wie hast du denn den unbound eingestellt ?

Über das UI: Services/Unbound DNS/General, Checkbox "Enable DNSSEC Support".

Michael

4
German - Deutsch / DNSSEC -> SERVFAIL
« on: September 09, 2021, 11:00:54 am »
Hallo,

ich benutze OPNsense OPNsense 21.7.2_1-amd64 mit aktuellen Patches.
Ich nutze Unbound als DNS-Server für meine Clients. Wenn ich in der Konfiguration DNSSEC aktiviert habe, funktioniert die Namensauflösung für netgear.com nicht.

Code: [Select]
mic@WORKSTATION:~$ nslookup
> server 192.168.35.1
Default server: 192.168.35.1
Address: 192.168.35.1#53
> netgear.com
Server: 192.168.35.1
Address: 192.168.35.1#53

Non-authoritative answer:
Name: netgear.com
Address: 13.248.140.194
Name: netgear.com
Address: 76.223.14.31
> netgear.com
Server: 192.168.35.1
Address: 192.168.35.1#53

** server can't find netgear.com: SERVFAIL
>

Der erste Aufruf ist mit deaktiviertem DNSSEC, der zweite Aufruf mit aktiviertem DNSSEC. Andere Domains funktionieren klaglos.

Die Frage, die sich mir stellt: hat netgear.com etwas falsch gemacht, ist DNSSEC broken, hat Unbound ein Problem? Was ist der nächste Schritt in der Analyse?

Bin für jeden guten Tip dankbar!

Michael

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2