Netgate Discussion Forum

    DNSSEC between 2 providers

    • Qinn

      Hi Guys,

      Recently I ran into the following concerning DNSSEC. Someone asked me if I could help him, as he could not access a certain website, and when he tried to access the website not using his ISP there was no problem accessing this website. After some research, ruling out pfBlockerNG, I analyzed the /var/log/pfblockerng/unified.log and found a ServFail, something like below:

      DNS-reply,Dec 1 11:11:34,resolver,DNSKEY,DNSKEY,Unk,websitewewanttovisit.com,127.0.0.1,ServFail,unk
      

      I solved his problem by adding a custom option in the DNS Resolver of pfS to work around a broken chain of trust for this website.

      server:
          domain-insecure: websitewewanttovisit.com
      

      How is it possible that we both use Unbound with pfSense and nearly the same config, but I do not experience a DNSSEC problem for the same website as the person in question? The only thing we differ in is the ISP.

      Thanks for any help/explanation in advance,

      Cheers Qinn

      Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
      Firmware: Latest-stable-pfSense CE (amd64)
      Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches
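
An added example, not part of the original post and not pfBlockerNG's own code: a Python scan of unified.log-style lines for ServFail results on DNSKEY/DS lookups, the pattern quoted in the post, to list the domains worth checking for a broken DNSSEC chain before a domain-insecure exception is added. The field positions are an assumption read off the single sample line in the post, and every log line except the first is constructed.

```python
import csv
from collections import OrderedDict

# Assumed field positions, taken from the one sample line in the post:
# 0=event, 1=timestamp, 3=query type, 6=domain, 8=result
EVENT, WHEN, QTYPE, DOMAIN, RESULT = 0, 1, 3, 6, 8
DNSSEC_QTYPES = {"DNSKEY", "DS"}

# Constructed sample input (not real log data); only the first line mirrors the post.
SAMPLE_LOG = """\
DNS-reply,Dec 1 11:11:34,resolver,DNSKEY,DNSKEY,Unk,websitewewanttovisit.com,127.0.0.1,ServFail,unk
DNS-reply,Dec 1 11:11:35,resolver,DNSKEY,DNSKEY,Unk,WebsiteWeWantToVisit.com.,127.0.0.1,ServFail,unk
DNS-reply,Dec 1 11:12:02,reply,A,A,300,example.org,192.0.2.10,198.51.100.7,unk
DNS-reply,Dec 1 11:13:40,resolver,A,A,Unk,example.net,127.0.0.1,ServFail,unk
DNS-reply,Dec 1 11:14:01,resolver,DS,DS,Unk,example.com,127.0.0.1,ServFail,unk
truncated,line
"""


def dnssec_servfail_candidates(lines):
    """Return {domain: {"count", "first", "last"}} for ServFails on DNSKEY/DS lookups."""
    hits = OrderedDict()
    for row in csv.reader(lines):
        if len(row) <= RESULT or row[EVENT] != "DNS-reply":
            continue  # skip short or malformed rows and other event types
        if row[QTYPE].upper() not in DNSSEC_QTYPES:
            continue  # a ServFail on A/AAAA is not specific to DNSSEC
        if row[RESULT].lower() != "servfail":
            continue
        # Normalise case and the trailing root dot so repeats collapse to one key.
        domain = row[DOMAIN].strip().rstrip(".").lower()
        entry = hits.setdefault(
            domain, {"count": 0, "first": row[WHEN], "last": row[WHEN]}
        )
        entry["count"] += 1
        entry["last"] = row[WHEN]
    return hits


if __name__ == "__main__":
    found = dnssec_servfail_candidates(SAMPLE_LOG.splitlines())
    for domain, e in found.items():
        print(f"{domain}: {e['count']} ServFail(s) on DNSKEY/DS, "
              f"{e['first']} .. {e['last']}")
```

On a firewall, pass the open log file object instead of the constructed sample, since `csv.reader` accepts any iterable of lines.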
