[Pdns-users] Failures of recursor from within pod/coredns OR dig
Pieter Lexis
pieter.lexis at powerdns.com
Thu Oct 21 17:06:18 UTC 2021
Hi Alessandro,
On 10/21/21 17:21, Alessandro Dentella wrote:
> recursor_1 | Oct 21 15:12:40 [1] dns1b.thux.lan: OPT answer '.' from 'thux.lan' nameservers
> recursor_1 | Oct 21 15:12:40 [1] : no or invalid signature/proof for dns1b.thux.lan, we likely missed a cut between . and dns1b.thux.lan, looking for it
> recursor_1 | Oct 21 15:12:40 [1] : - Looking for a DS at lan
The trace is not complete, but you might have to either set an NTA for
.lan in your config[1] or set dnssec=off in you recursor.conf. Do the
first if you care about DNSSEC validation or the second if you don't
care about it.
Cheers,
Pieter
1 - https://doc.powerdns.com/recursor/dnssec.html#negative-trust-anchors
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users
mailing list