On Monday 14 July 2014 15:19:15 Diane Trout wrote: > On Sunday, July 13, 2014 17:47:58 Maximilian Engelhardt wrote: > > Hello, > > > > Since some time I cannot access http://pkg-kde.alioth.debian.org/ anymore > > using a DNSSEC validating resolver (unbound in my case). > > > > It seems that the DNSSEC entries for pkg-kde.alioth.debian.org are broken, > > see http://dnssec-debugger.verisignlabs.com/pkg-kde.alioth.debian.org > > > > Name resolution does work again after disabling DNSSEC which is of course > > a > > bad idea. > > > > I guess this should be fixed. > > > > Greetings, > > Maxi > > I've been having periodic problems resolving to pkg-kde.alioth while using > unbound. It seemed to happen when I moved between work and home and > restarting unbound would usually let me connect again. > > Diane Thanks for that hint. Investigating this a bit further I noticed that when I disable forwarders in unbound and thus configure unbound to resolving directly using the root servers, validation does indeed work fine. So this seems to be a problem with my upstream dns resolver. I will investigate this further, sorry for the noise. Greetings, Maxi
Attachment:
signature.asc
Description: This is a digitally signed message part.