Hi,
We are trying to activate dnssec validation on our pdns-recursor server
and get some strange problems with different domains that we can't
really explain.
In some cases domains that are insecure are validated as bogus, and I have
also seen domains that have dnssec set up that are validated as bogus.
The first problem seems to be solved if we restart the pdns service.
Wipe-cache works sometimes, but we don't have any trace for this problem.
For the other problem we have a trace where other subdomains are validated
as secure but one is always triggered as bogus.
The domain where we find the problem is ansible.skatteverket.se, which is
one of the MX servers for skatteverket.se. The other MX servers seem to
validate as secure (telegraf.skatteverket.se, marathon.skatteverket.se).
I have published our trace at: https://pastebin.com/CDeTy6Mv
Looking at http://dnsviz.net/d/ansible.skatteverket.se/dnssec/, it says
that it is a valid chain.
We are running this on Debian 9, with pdns-recursor 4.1.0-1pdns.stretch
from https://repo.powerdns.com/debian stretch-rec-41 main
The dnssec setting is set to: log-fail
Is there any problem with the given domain or is this a bug in powerdns?
Best regards
Lars Dunemark