Hi! I'm testing new version pdns-recursor-4.2.0-0.alpha1.1 . I set dnssec use mod process. When I query a record without ad or do flag, I receive the message "Answer to host.com.tw|A for 210.59.165.80:59977 validates as Bogus" . Under the mode process, isn't this verification done? Is my understanding wrong?
I am looking forward to your reply. Best regards Beck Yeh Here is my query and trace message query: root@PC-24:~# dig host.com.tw @103.17.10.61 -p 5301 ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> host.com.tw @103.17.10.61 -p 5301 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53650 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;host.com.tw. IN A ;; Query time: 31 msec ;; SERVER: 103.17.10.61#5301(103.17.10.61) ;; WHEN: Fri Feb 22 15:02:06 DST 2019 ;; MSG SIZE rcvd: 40 trace: Feb 22 15:02:06 pdns pdns_recursor: 1 [2/1] question for 'host.com.tw|A' from 210.59.165.80:59977 Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Wants DNSSEC processing, auth data in query for A Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Looking for CNAME cache hit of 'host.com.tw|CNAME' Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: No CNAME cache hit of 'host.com.tw|CNAME' found Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: No cache hit for 'host.com.tw|A', trying to find an appropriate NS record Feb 22 15:02:06 pdns pdns_recursor: [2] : got TA for '.' Feb 22 15:02:06 pdns pdns_recursor: [2] : setting cut state for . to Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : - Looking for a cut at tw Feb 22 15:02:06 pdns pdns_recursor: [2] : no TA found for 'tw' among 1 Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Wants DNSSEC processing, auth data in query for DS Feb 22 15:02:06 pdns pdns_recursor: [2] tw: No cache hit for 'tw|DS', trying to find an appropriate NS record Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name tw (from .) Feb 22 15:02:06 pdns pdns_recursor: [2] tw: initial validation status for tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Cache consultations done, have 1 NS to contact Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Domain has hardcoded nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] tw.: Nameservers: +168.95.1.1:53(0.00ms), +8.8.8.8:53(1.93ms), +8.8.4.4:53(3.75ms) Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Resolved '.' NS (empty) to: 168.95.1.1, 8.8.8.8, 8.8.4.4 Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Trying IP 168.95.1.1:53, asking 'tw|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Got 3 answers from (empty) (168.95.1.1), rcode=0 (No Error), aa=0, in 1ms Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|DS|40792 8 2 a05db4b0deb971031361bb621e8bb1b8d7346665a3d1b06ec1431adb7d015ee9' from '.' nameservers? ttl=82724, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|RRSIG|DS 8 1 86400 20190307050000 20190222040000 16749 . lTD7WoWovROn6vPEUOhUxYKIoFYY3BXHiEzJbRU11ugFa8PbTpSaUK2S3/61NoJviDBjLgDtcFg6Isp/kcOv+BmjNgM2xLBCVwtwh8juWALyk6Bwt4eJ6GsMeLNfKzr2rtudkXqOu2HkuSGpxZAHvnbeKjBx7VdhmuJ6S60D6uPri8+NrHAUmiCWhLM++XFi9LyV7uAjttwiIhkGo0r1YaLDRoOoOq8Ilq0epp2Yh35NFi8Ns6/USjl3MuhnP7pdYKOkSMBgoVNkxINON2Zz6aE7lkECTOsewcx1anR939RdGLANGxbjZhu94Gq6l3xlYUVGjY2iwaBD3R28uyvqEQ==' from '.' nameservers? ttl=80065, place=1 RRSIG - separate Feb 22 15:02:06 pdns pdns_recursor: [2] tw: OPT answer '.' from '.' nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name tw (from .) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record tw|DS Feb 22 15:02:06 pdns pdns_recursor: [2] Validating non-additional record for tw Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieving DNSKeys for . Feb 22 15:02:06 pdns pdns_recursor: [2] .: Wants DNSSEC processing, auth data in query for DNSKEY Feb 22 15:02:06 pdns pdns_recursor: [2] .: Found cache hit for DNSKEY: 256 3 8 AwEAAcH+axCdUOsTc9o+jmyVq5rsGTh1EcatSumPqEfsPBT+whyj0/UhD7cWeixV9Wqzj/cnqs8iWELqhdzGX41ZtaNQUfWNfOriASnWmX2D9m/EunplHu8nMSlDnDcT7+llE9tjk5HI1Sr7d9N16ZTIrbVALf65VB2ABbBG39dyAb7tz21PICJbSp2cd77UF7NFqEVkqohl/LkDw+7Apalmp0qAQT1Mgwi2cVxZMKUiciA6EqS+KNajf0A6olO2oEhZnGGY6b1LTg34/YfHdiIIZQqAfqbieruCGHRiSscC2ZE7iNreL/76f4JyIEUNkt6bQA29JsegxorLzQkpF7NKqZc=[ttl=86392] 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=[ttl=86392] 385 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=[ttl=86392] Feb 22 15:02:06 pdns pdns_recursor: [2] .: updating validation state with cache content for . to Secure Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieved 3 DNSKeys for ., state is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] Going to validate 1 record contents with 1 sigs and 3 keys for tw Feb 22 15:02:06 pdns pdns_recursor: [2] Secure! Feb 22 15:02:06 pdns pdns_recursor: [2] tw: determining status after receiving this packet Feb 22 15:02:06 pdns pdns_recursor: [2] tw: answer is in: resolved to '40792 8 2 a05db4b0deb971031361bb621e8bb1b8d7346665a3d1b06ec1431adb7d015ee9|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] tw: status=got results, this level of recursion done Feb 22 15:02:06 pdns pdns_recursor: [2] tw: validation status is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : - Found cut at tw Feb 22 15:02:06 pdns pdns_recursor: [2] : New state for tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : - Looking for a cut at com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] : no TA found for 'com.tw' among 1 Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Wants DNSSEC processing, auth data in query for DS Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: No cache hit for 'com.tw|DS', trying to find an appropriate NS record Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name com.tw (from tw) Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: initial validation status for com.tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Cache consultations done, have 1 NS to contact Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Domain has hardcoded nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw.: Nameservers: +168.95.1.1:53(1.85ms), +8.8.8.8:53(1.93ms), +8.8.4.4:53(3.75ms) Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Resolved '.' NS (empty) to: 168.95.1.1, 8.8.8.8, 8.8.4.4 Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Trying IP 168.95.1.1:53, asking 'com.tw|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Got 3 answers from (empty) (168.95.1.1), rcode=0 (No Error), aa=0, in 1ms Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: accept answer 'com.tw|DS|27301 8 2 2609ccd46428fca06f52f7e4488f329f494d9eb34aa60f632164e56094572555' from '.' nameservers? ttl=1996, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: accept answer 'com.tw|RRSIG|DS 8 2 3600 20190323200352 20190221200352 3984 tw. nEx8drGSbAyBx76vAMUPmcaNlzLCdL5hXAsDd+vYnNeQAuj7F5C+Y3ZXckqJerCRu6+sauguIHg38RD5ud+3EN369fnKv7tUHsuvXRa1458ywR/9lCrECaixG2OGTCaE9wbCEh48am2SULCFgaqkqNNyyuzDQ1G9u2fCzr7DY3s=' from '.' nameservers? ttl=1996, place=1 RRSIG - separate Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: OPT answer '.' from '.' nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name com.tw (from tw) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record com.tw|DS Feb 22 15:02:06 pdns pdns_recursor: [2] Validating non-additional record for com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieving DNSKeys for tw Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Wants DNSSEC processing, auth data in query for DNSKEY Feb 22 15:02:06 pdns pdns_recursor: [2] tw: No cache hit for 'tw|DNSKEY', trying to find an appropriate NS record Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name tw (from tw) Feb 22 15:02:06 pdns pdns_recursor: [2] tw: initial validation status for tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Cache consultations done, have 1 NS to contact Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Domain has hardcoded nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] tw.: Nameservers: +168.95.1.1:53(1.82ms), +8.8.8.8:53(1.93ms), +8.8.4.4:53(3.75ms) Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Resolved '.' NS (empty) to: 168.95.1.1, 8.8.8.8, 8.8.4.4 Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Trying IP 168.95.1.1:53, asking 'tw|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Got 6 answers from (empty) (168.95.1.1), rcode=0 (No Error), aa=0, in 1ms Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|DNSKEY|257 3 8 AwEAAbqKQoLe6EipQMR3lmj8AhT3hCdndp9BXfQbpkUQFux1oGTnqGn224KC5Y/6TCV0kVufHeV6CTOolbEVhpQNrxc7uS+yDi/7Qg2tQHWJ0Yp5feDf8/BoV4bSdX4bCWYt2A0TplmkwG15aQaRx3cqxaMBSlaIfcj/+3tvZ016jBwL1YJtjAVttwFnwvPJKy9b256t/JFkvLrzX6rKA4Qkvc9JZdIRTDZ4CN5aww/nYwH018VUEo1DZOTkWPCd5toi5BcqZctXw/k+Pb8rT95pG0h3AP12Sl5BFxh4mvh7KKNZG6oykvqQtPVvGotaPkLSwwAspjzMR3UtkxCG8TW9J2c=' from '.' nameservers? ttl=799, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|DNSKEY|256 3 8 AwEAAdfkWkg/gMwTvlxxidm6qWS+BAsnt9FewxrtpEqQkSAYyjKVHjj0Zvx967yIZ0QPUPbghCXERMDlCcRHAk36xpu5etcAJYzePmnMqRT4Tl4uBrAf7Ui/Haqn/oqn5BiNwSLWrNWogXFfYYqL5dCKCzxK9UNXuHqJLka+WxVnYfWv' from '.' nameservers? ttl=799, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|DNSKEY|256 3 8 AwEAAeuu15yGn4KnrF6NmwR4PzJEIHmTy3WTiG74CsG/5Ig1kR8fLJyXc4q20upO0MN0kod/DJXgOalHe0dKxZaCxU5y1iO9T97oQB7eFLjM2rSvo543X5DDK7HNQfWK1JW/drbkmKI7zT8w45Wcawka/pWFh1PzxOYfwxqKJUkhbBW1' from '.' nameservers? ttl=799, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|RRSIG|DNSKEY 8 1 900 20190323200352 20190221200352 3984 tw. VXQuTtYNkjQjI7dcb2fhZzI/qtP7rdzjuUgAEYL5W3GZHKDbJqu88O3RZ4WW92u/mRQeYbgqC6KowGhR+D+MXGhcwvJ9Aff0RjhtKhrt1cUh2rxAl1TliZOHOyUPpx67R9fLwAG0LHjUiYXn2kwbXGJWOrO5NB0NI3ENU9EUS6o=' from '.' nameservers? ttl=799, place=1 RRSIG - separate Feb 22 15:02:06 pdns pdns_recursor: [2] tw: accept answer 'tw|RRSIG|DNSKEY 8 1 900 20190323200352 20190221200352 40792 tw. TauxgYPHj65A4XP7eJUVdHI3snLf6lwrhVRCLkK0zS1JT6Iif1AAeIQ6AjupRIkaZ8hgOe6OjtNg8OSH5WMQSifdchSZ5BNR5tTIir5JDnepL/0+Kmaun344ZJZ/57kuOenfnnvYMaYjuOIZso3eHK8wlB4qIbEyUlh+H6mpGVJ7gqn5LiiwIXPcQ0BYzG4inqrmvGr/ltzCLz3on1U4pyxcyMbggr8cphCiCwvEhrGA9CPwnCyvz12O71P/gXT4CATyrLWctaTRHZMW1UmnnzpuiHYKgD4lFW+nGAHBd7jbfODjhMXjmMW0IHCOisPFuAS+2imaYwTf1fgnzgvfxQ==' from '.' nameservers? ttl=799, place=1 RRSIG - separate Feb 22 15:02:06 pdns pdns_recursor: [2] tw: OPT answer '.' from '.' nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name tw (from tw) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record tw|DNSKEY Feb 22 15:02:06 pdns pdns_recursor: [2] Validating DNSKEY for tw Feb 22 15:02:06 pdns pdns_recursor: [2] : no TA found for 'tw' among 1 Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Wants DNSSEC processing, auth data in query for DS Feb 22 15:02:06 pdns pdns_recursor: [2] tw: Found cache hit for DS: 40792 8 2 a05db4b0deb971031361bb621e8bb1b8d7346665a3d1b06ec1431adb7d015ee9[ttl=80065] Feb 22 15:02:06 pdns pdns_recursor: [2] tw: updating validation state with cache content for tw to Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : trying to validate 3 DNSKEYs with 1 DS Feb 22 15:02:06 pdns pdns_recursor: [2] : we now have 3 DNSKEYs Feb 22 15:02:06 pdns pdns_recursor: [2] tw: determining status after receiving this packet Feb 22 15:02:06 pdns pdns_recursor: [2] tw: answer is in: resolved to '257 3 8 AwEAAbqKQoLe6EipQMR3lmj8AhT3hCdndp9BXfQbpkUQFux1oGTnqGn224KC5Y/6TCV0kVufHeV6CTOolbEVhpQNrxc7uS+yDi/7Qg2tQHWJ0Yp5feDf8/BoV4bSdX4bCWYt2A0TplmkwG15aQaRx3cqxaMBSlaIfcj/+3tvZ016jBwL1YJtjAVttwFnwvPJKy9b256t/JFkvLrzX6rKA4Qkvc9JZdIRTDZ4CN5aww/nYwH018VUEo1DZOTkWPCd5toi5BcqZctXw/k+Pb8rT95pG0h3AP12Sl5BFxh4mvh7KKNZG6oykvqQtPVvGotaPkLSwwAspjzMR3UtkxCG8TW9J2c=|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] tw: answer is in: resolved to '256 3 8 AwEAAdfkWkg/gMwTvlxxidm6qWS+BAsnt9FewxrtpEqQkSAYyjKVHjj0Zvx967yIZ0QPUPbghCXERMDlCcRHAk36xpu5etcAJYzePmnMqRT4Tl4uBrAf7Ui/Haqn/oqn5BiNwSLWrNWogXFfYYqL5dCKCzxK9UNXuHqJLka+WxVnYfWv|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] tw: answer is in: resolved to '256 3 8 AwEAAeuu15yGn4KnrF6NmwR4PzJEIHmTy3WTiG74CsG/5Ig1kR8fLJyXc4q20upO0MN0kod/DJXgOalHe0dKxZaCxU5y1iO9T97oQB7eFLjM2rSvo543X5DDK7HNQfWK1JW/drbkmKI7zT8w45Wcawka/pWFh1PzxOYfwxqKJUkhbBW1|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] tw: status=got results, this level of recursion done Feb 22 15:02:06 pdns pdns_recursor: [2] tw: validation status is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieved 3 DNSKeys for tw, state is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] Going to validate 1 record contents with 1 sigs and 3 keys for com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] Secure! Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: determining status after receiving this packet Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: answer is in: resolved to '27301 8 2 2609ccd46428fca06f52f7e4488f329f494d9eb34aa60f632164e56094572555|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: status=got results, this level of recursion done Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: validation status is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : - Found cut at com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] : New state for com.tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : - Looking for a cut at host.com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] : no TA found for 'host.com.tw' among 1 Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Wants DNSSEC processing, auth data in query for DS Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: No cache hit for 'host.com.tw|DS', trying to find an appropriate NS record Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name host.com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: initial validation status for host.com.tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Cache consultations done, have 1 NS to contact Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Domain has hardcoded nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw.: Nameservers: +168.95.1.1:53(1.85ms), +8.8.8.8:53(1.93ms), +8.8.4.4:53(3.75ms) Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Resolved '.' NS (empty) to: 168.95.1.1, 8.8.8.8, 8.8.4.4 Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Trying IP 168.95.1.1:53, asking 'host.com.tw|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: (empty) (168.95.1.1) returned a ServFail, trying sibling IP or NS Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Trying IP 8.8.8.8:53, asking 'host.com.tw|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Got 5 answers from (empty) (8.8.8.8), rcode=0 (No Error), aa=0, in 7ms Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: accept answer '1COLL71DTTC8MTNUCJO7BH45HJ8SQMIF.com.tw|NSEC3|1 1 10 23411313 24TVGFEHEMFCUJ2DNJQFQAJ20LKI0M1N NS SOA RRSIG DNSKEY NSEC3PARAM' from '.' nameservers? ttl=899, place=2 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: accept answer '1COLL71DTTC8MTNUCJO7BH45HJ8SQMIF.com.tw|RRSIG|NSEC3 8 3 900 20190324040029 20190222040029 35688 com.tw. D3CmOqodDKFZyh905RBpmY1Og+Xka3slBtpn/e2vXHjg3tTzn5fPpcF96CEn9r2QH+n0pkQb01UFBiRRl6zYs91moK6W2Nshl5Kke2X0/ex74Qlkf1CSrPIJu85xxQSI2kYl+lo8Pzp16SrGfR0spugJuMbRdqFHA2KpJ45mL0A=' from '.' nameservers? ttl=899, place=2 RRSIG - separate Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: accept answer 'com.tw|SOA|a.twnic.net.tw. snw.twnic.net.tw. 2005679621 3600 900 604800 900' from '.' nameservers? ttl=899, place=2 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: accept answer 'com.tw|RRSIG|SOA 8 2 900 20190324062626 20190222052626 35688 com.tw. na1smYUQbO1HtMsov+cCT2Gm05N+5j6GGVJ5vuPeQNQdhvTNlOwZWwMYaBp91Vslj37tY3l03GKNucbk2yA8Wf5EGvcMfKgDfVZ9CGhtDAWDzmfnfDYnFw4utMDzf+YwLRIrNP1EFy2J6DWEZG/a6hKSmbzGF7YhU6Oc18m5vWM=' from '.' nameservers? ttl=899, place=2 RRSIG - separate Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: OPT answer '.' from '.' nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record com.tw|SOA Feb 22 15:02:06 pdns pdns_recursor: [2] Validating non-additional record for com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieving DNSKeys for com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Wants DNSSEC processing, auth data in query for DNSKEY Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: No cache hit for 'com.tw|DNSKEY', trying to find an appropriate NS record Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: initial validation status for com.tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Cache consultations done, have 1 NS to contact Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Domain has hardcoded nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw.: Nameservers: +168.95.1.1:53(1.85ms), +8.8.4.4:53(3.75ms), +8.8.8.8:53(7.88ms) Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Resolved '.' NS (empty) to: 168.95.1.1, 8.8.4.4, 8.8.8.8 Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Trying IP 168.95.1.1:53, asking 'com.tw|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Got 4 answers from (empty) (168.95.1.1), rcode=0 (No Error), aa=0, in 2ms Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: accept answer 'com.tw|DNSKEY|256 3 8 AwEAAbLjjXxea1vg0Uy6kS3oswfx/SXvMFHnFea1yS6m9W3AYqO8FSeEceYk0qgNP5UfQk/AIbETdE6mXkLmbhRJ1agoGrtd9DN1o+8tiJtNay0syhZVS2C8MGeuok4tKDqFoUfn/XcD9voSGwVUfqrZnuLMWsCcyIkMFmQK6rqDHXfn' from '.' nameservers? ttl=900, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: accept answer 'com.tw|DNSKEY|257 3 8 AwEAAdAbPDWze/QD9LDIQSluNK3beJ3ILMg2amws0NJWapkzDE+TAc3VibXpMMxvgkhXePMrJZXEYIuCDr3SPjdqXJ0rWdXny1ac78dUSG6UYW8o6ltS4YFLA81XFSK2H64GA3U2+OAsNlZ2FsEWZhPlD2DEeGj+Cus01LB8XG9JazCpG5V65kUja1GADMbxmWnFESylpcj1bugpZjYJU2nBDtTkgUScHENNcQmmIpLjdWyNEYrdxAXhpdCRxMygMcHoSsSX89kDk7x9TDl/zgY6fjUstJ/lubv/CIElk4RL6Eg/ve9k1GI0tRn8HGYfKNovCdQMO1dIHvy1RjJU85kL+OE=' from '.' nameservers? ttl=900, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: accept answer 'com.tw|DNSKEY|256 3 8 AwEAAeOWJqzM/ezqUez9FrKvBzjLwQhsXM1yjhehtqXh+LiIYHoT8maHsTUseZHaPkJZ7rw7JS3Py4s8h5w3usOHumivzZkXWXMiEeH7N28IOpeTD7YhxiIh9DAh7sPKPJ+p9eRbmSckVGFJOCk1AkD3/3C8gKy8Dtfj3O7Md2sGo9+1' from '.' nameservers? ttl=900, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: OPT answer '.' from '.' nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record com.tw|DNSKEY Feb 22 15:02:06 pdns pdns_recursor: [2] Validating DNSKEY for com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] : trying to validate 3 DNSKEYs with 0 DS Feb 22 15:02:06 pdns pdns_recursor: [2] : we now have 0 DNSKEYs Feb 22 15:02:06 pdns pdns_recursor: [2] : returning Bogus state from validateDNSKeys(com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] validation state was Secure, state update is Bogus, validation state is now Bogus Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: determining status after receiving this packet Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: answer is in: resolved to '256 3 8 AwEAAbLjjXxea1vg0Uy6kS3oswfx/SXvMFHnFea1yS6m9W3AYqO8FSeEceYk0qgNP5UfQk/AIbETdE6mXkLmbhRJ1agoGrtd9DN1o+8tiJtNay0syhZVS2C8MGeuok4tKDqFoUfn/XcD9voSGwVUfqrZnuLMWsCcyIkMFmQK6rqDHXfn|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: answer is in: resolved to '257 3 8 AwEAAdAbPDWze/QD9LDIQSluNK3beJ3ILMg2amws0NJWapkzDE+TAc3VibXpMMxvgkhXePMrJZXEYIuCDr3SPjdqXJ0rWdXny1ac78dUSG6UYW8o6ltS4YFLA81XFSK2H64GA3U2+OAsNlZ2FsEWZhPlD2DEeGj+Cus01LB8XG9JazCpG5V65kUja1GADMbxmWnFESylpcj1bugpZjYJU2nBDtTkgUScHENNcQmmIpLjdWyNEYrdxAXhpdCRxMygMcHoSsSX89kDk7x9TDl/zgY6fjUstJ/lubv/CIElk4RL6Eg/ve9k1GI0tRn8HGYfKNovCdQMO1dIHvy1RjJU85kL+OE=|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: answer is in: resolved to '256 3 8 AwEAAeOWJqzM/ezqUez9FrKvBzjLwQhsXM1yjhehtqXh+LiIYHoT8maHsTUseZHaPkJZ7rw7JS3Py4s8h5w3usOHumivzZkXWXMiEeH7N28IOpeTD7YhxiIh9DAh7sPKPJ+p9eRbmSckVGFJOCk1AkD3/3C8gKy8Dtfj3O7Md2sGo9+1|DNSKEY' Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: status=got results, this level of recursion done Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: validation status is Bogus Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieved 0 DNSKeys for com.tw, state is Bogus Feb 22 15:02:06 pdns pdns_recursor: [2] validation state was Secure, state update is Bogus, validation state is now Bogus Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name 1COLL71DTTC8MTNUCJO7BH45HJ8SQMIF.com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record 1COLL71DTTC8MTNUCJO7BH45HJ8SQMIF.com.tw|NSEC3 Feb 22 15:02:06 pdns pdns_recursor: [2] Validating non-additional record for 1COLL71DTTC8MTNUCJO7BH45HJ8SQMIF.com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieving DNSKeys for com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Wants DNSSEC processing, auth data in query for DNSKEY Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: Found cache hit for DNSKEY: 256 3 8 AwEAAbLjjXxea1vg0Uy6kS3oswfx/SXvMFHnFea1yS6m9W3AYqO8FSeEceYk0qgNP5UfQk/AIbETdE6mXkLmbhRJ1agoGrtd9DN1o+8tiJtNay0syhZVS2C8MGeuok4tKDqFoUfn/XcD9voSGwVUfqrZnuLMWsCcyIkMFmQK6rqDHXfn[ttl=900] 257 3 8 AwEAAdAbPDWze/QD9LDIQSluNK3beJ3ILMg2amws0NJWapkzDE+TAc3VibXpMMxvgkhXePMrJZXEYIuCDr3SPjdqXJ0rWdXny1ac78dUSG6UYW8o6ltS4YFLA81XFSK2H64GA3U2+OAsNlZ2FsEWZhPlD2DEeGj+Cus01LB8XG9JazCpG5V65kUja1GADMbxmWnFESylpcj1bugpZjYJU2nBDtTkgUScHENNcQmmIpLjdWyNEYrdxAXhpdCRxMygMcHoSsSX89kDk7x9TDl/zgY6fjUstJ/lubv/CIElk4RL6Eg/ve9k1GI0tRn8HGYfKNovCdQMO1dIHvy1RjJU85kL+OE=[ttl=900] 256 3 8 AwEAAeOWJqzM/ezqUez9FrKvBzjLwQhsXM1yjhehtqXh+LiIYHoT8maHsTUseZHaPkJZ7rw7JS3Py4s8h5w3usOHumivzZkXWXMiEeH7N28IOpeTD7YhxiIh9DAh7sPKPJ+p9eRbmSckVGFJOCk1AkD3/3C8gKy8Dtfj3O7Md2sGo9+1[ttl=900] Feb 22 15:02:06 pdns pdns_recursor: [2] com.tw: updating validation state with cache content for com.tw to Bogus Feb 22 15:02:06 pdns pdns_recursor: [2] Retrieved 0 DNSKeys for com.tw, state is Bogus Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: determining status after receiving this packet Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: got negative caching indication for 'host.com.tw|DS' Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: status=noerror, other types may exist, but we are done (have negative SOA) Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: removing cut state for host.com.tw Feb 22 15:02:06 pdns pdns_recursor: [2] : list of cuts from host.com.tw to . Feb 22 15:02:06 pdns pdns_recursor: - .: Secure Feb 22 15:02:06 pdns pdns_recursor: - tw: Secure Feb 22 15:02:06 pdns pdns_recursor: - com.tw: Secure Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name host.com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: initial validation status for host.com.tw is Secure Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Cache consultations done, have 1 NS to contact Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Domain has hardcoded nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw.: Nameservers: +168.95.1.1:53(2.36ms), +8.8.4.4:53(3.75ms), +8.8.8.8:53(7.88ms) Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Resolved '.' NS (empty) to: 168.95.1.1, 8.8.4.4, 8.8.8.8 Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Trying IP 168.95.1.1:53, asking 'host.com.tw|A' Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: Got 2 answers from (empty) (168.95.1.1), rcode=0 (No Error), aa=0, in 4ms Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: accept answer 'host.com.tw|A|202.12.77.10' from '.' nameservers? ttl=300, place=1 YES! - This answer was received from a server we forward to. Feb 22 15:02:06 pdns pdns_recursor: [2] host.com.tw: OPT answer '.' from '.' nameservers Feb 22 15:02:06 pdns pdns_recursor: [2] : got status Secure for name host.com.tw (from com.tw) Feb 22 15:02:06 pdns pdns_recursor: [2] : got initial zone status Secure for record host.com.tw|A Feb 22 15:02:07 pdns pdns_recursor: [2] Validating non-additional record for host.com.tw Feb 22 15:02:07 pdns pdns_recursor: [2] Bogus! Feb 22 15:02:07 pdns pdns_recursor: [2] validation state was Secure, state update is Bogus, validation state is now Bogus Feb 22 15:02:07 pdns pdns_recursor: [2] host.com.tw: determining status after receiving this packet Feb 22 15:02:07 pdns pdns_recursor: [2] host.com.tw: answer is in: resolved to '202.12.77.10|A' Feb 22 15:02:07 pdns pdns_recursor: [2] host.com.tw: status=got results, this level of recursion done Feb 22 15:02:07 pdns pdns_recursor: [2] host.com.tw: validation status is Bogus Feb 22 15:02:07 pdns pdns_recursor: Starting validation of answer to host.com.tw|A for 210.59.165.80:59977 Feb 22 15:02:07 pdns pdns_recursor: Answer to host.com.tw|A for 210.59.165.80:59977 validates as Bogus Feb 22 15:02:07 pdns pdns_recursor: Sending out SERVFAIL for host.com.tw|A because recursor or query demands it for Bogus results
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
