[Samba] [ADMINISTRIVIA] DNS errors for www.corpit.ru ?
Michael Tokarev
mjt at tls.msk.ru
Wed Mar 20 08:10:16 UTC 2024
19.03.2024 23:58, Marco Gaiarin via samba wrote:
>
> I've started to receive errors from DNS resolvers for the Michael repo in
> some of my installation; seems for naow related to the 'FastWEB' ISP here in
> Italy.
>
> Error seems related to DNSSEC:
>
> Mar 19 19:37:01 vcoreacpn1 named[404]: validating isrv.corpit.ru/A: got insecure response; parent indicates it should be secure
> Mar 19 19:37:01 vcoreacpn1 named[404]: validating isrv.corpit.ru/A: got insecure response; parent indicates it should be secure
> Mar 19 19:37:01 vcoreacpn1 squid[1277]: ipcacheParse No Address records in response to 'www.corpit.ru'
> Mar 19 19:37:01 vcoreacpn1 squid[1277]: ipcacheParse No Address records in response to 'www.corpit.ru'
As far as I can see, DNSSEC works for this domain just fine.
For example, https://dnsviz.net/d/corpit.ru/dnssec/ shows good DNSSEC status
(as are a few other DNSSEC debug/verify tools out there).
bind9-dig and bind9-host shows it as secure too.
unbound-host does not verify it without -D, but it does not verity any
other domain without -D. With -D unbound-host verifies it as secure too.
I dunno where your named gets insecure replies from. It would be interesting
to find out.
This issue obviously has nothing to do with samba (mailing list), but since
DNS is suspected to be non-functional, I'm replying to the list.
It would be nice to find communication mechanism without involving the list.
Marco, can you reply to me directly?
Thanks,
/mjt
More information about the samba
mailing list