Netgate Discussion Forum

    Sporadic dns issue related to DNSSEC

    • stoffix @johnpoz

      Yeah, maybe it's my ISP doing something weird which usually passes, but fails this one.

      I tried turning up logging and adding this to the option box (nothing else in it)

      server:
      log-queries: yes
      log-replies: yes
      

      Sometimes I get the timeout:

      [2.5.0-RELEASE][root@slottet.doff1]/root: dig www.broadcom.com
      
      ; <<>> DiG 9.16.12 <<>> www.broadcom.com
      ;; global options: +cmd
      ;; connection timed out; no servers could be reached
      
      [2.5.0-RELEASE][root@slottet.doff1]/root:
      

      With these entries in the log:

      Mar 29 01:37:21 	unbound 	56883 	[56883:1] debug: cache memory msg=128389 rrset=291198 infra=165730 val=59994
      Mar 29 01:37:21 	unbound 	56883 	[56883:1] debug: udp request from ip4 127.0.0.1 port 44131 (len 16)
      Mar 29 01:37:21 	unbound 	56883 	[56883:1] debug: answer from the cache failed
      Mar 29 01:37:21 	unbound 	56883 	[56883:1] debug: Cache reply: unchecked entry needs validation
      Mar 29 01:37:21 	unbound 	56883 	[56883:1] info: 127.0.0.1 www.broadcom.com. A IN
      Mar 29 01:37:16 	unbound 	56883 	[56883:1] debug: cache memory msg=128389 rrset=291198 infra=165730 val=59994
      Mar 29 01:37:16 	unbound 	56883 	[56883:1] debug: udp request from ip4 127.0.0.1 port 44131 (len 16)
      Mar 29 01:37:16 	unbound 	56883 	[56883:1] debug: answer from the cache failed
      Mar 29 01:37:16 	unbound 	56883 	[56883:1] debug: Cache reply: unchecked entry needs validation
      Mar 29 01:37:16 	unbound 	56883 	[56883:1] info: 127.0.0.1 www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (4 result, 0 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: inserted new pending reply id=112e
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: serviced query UDP timeout=376 msec
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: EDNS lookup known=0 vs=0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: dnssec status: expected
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: sending to target: <broadcom.com.> 2610:a1:1022::100#53
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: sending query: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: selrtt 376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=120000
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=96256
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: attempt to get extra 3 targets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (4 result, 0 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: inserted new pending reply id=a626
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: serviced query UDP timeout=376 msec
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: EDNS lookup known=0 vs=0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: dnssec status: expected
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: sending to target: <broadcom.com.> 2610:a1:1022::100#53
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: sending query: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: selrtt 376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=120000
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=96256
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: attempt to get extra 3 targets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (4 result, 0 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: inserted new pending reply id=e59a
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: serviced query UDP timeout=376 msec
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: EDNS lookup known=0 vs=0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: dnssec status: expected
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: sending to target: <broadcom.com.> 2610:a1:1022::100#53
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: sending query: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: selrtt 376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=120000
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=96256
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: attempt to get extra 3 targets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (4 result, 0 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: inserted new pending reply id=42eb
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: serviced query UDP timeout=376 msec
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: EDNS lookup known=0 vs=0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: dnssec status: expected
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: sending to target: <broadcom.com.> 2610:a1:1023::100#53
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: sending query: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: selrtt 376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=120000
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=96256
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: attempt to get extra 3 targets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (4 result, 0 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: inserted new pending reply id=7061
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: serviced query UDP timeout=376 msec
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: EDNS lookup known=0 vs=0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: dnssec status: expected
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: sending to target: <broadcom.com.> 2610:a1:1023::100#53
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: sending query: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: selrtt 376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=120000
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=96256
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: attempt to get extra 3 targets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (4 result, 0 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: inserted new pending reply id=2225
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: serviced query UDP timeout=376 msec
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: EDNS lookup known=0 vs=0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: dnssec status: expected
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: sending to target: <broadcom.com.> 2610:a1:1023::100#53
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: sending query: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: selrtt 376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=120000
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=376
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: rtt=96256
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: servselect ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: attempt to get extra 3 targets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (0 result, 4 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: processQueryTargets: broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state QUERY TARGETS STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: resolving (init part 3): broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state INIT REQUEST STATE (stage 3)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: resolving (init part 2): broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state INIT REQUEST STATE (stage 2)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.131.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1023::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip4 156.154.130.100 port 53 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns1.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: pdns2.cscdns.net. * A AAAA
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DelegationPoint<broadcom.com.>: 2 names (0 missing), 4 addrs (0 result, 4 avail) cacheNS
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: cache delegation returns delegpt
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: request has dependency depth of 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: resolving broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state INIT REQUEST STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: process_request: new external request event
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: mesh_run: validator module exit state is module_wait_module
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator: pass to next module
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: validator operate: query broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_pass
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: mesh_run: validator module exit state is module_wait_subquery
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: generate request broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: DS RRset broadcom.com. DS IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: next keyname broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: striplab 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: target keyname broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: current keyname com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: validator: FindKey www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: val handle processing q with state VAL_FINDKEY_STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: validated DS broadcom.com. DS IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: verify rrset cached broadcom.com. DS IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Process cached DS response
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: No DS RRset
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: next keyname broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: striplab 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: target keyname broadcom.com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: current keyname com. DNSKEY IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: validator: FindKey www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: val handle processing q with state VAL_FINDKEY_STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: chased extract ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ra ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: www.broadcom.com. IN A ;; ANSWER SECTION: www.broadcom.com. 118 IN CNAME cdn.broadcom.com. www.broadcom.com. 118 IN RRSIG CNAME 8 3 300 20210401002028 20210328001713 52716 broadcom.com. jOYNUiqp5tpM7Wy8obuKKFVa4YSWFWM7kebthvnTIMwe2ASP7jPQLKMDOIdedQIB146zzeo1eJulF01ZR8Sr6iT8BfN2BIbXK4ymtAZyyGRvy4NmxLpZbqfWmCm0+TZqbtCfvVYKOm8ZRkupu4sShCddi6u0RZa1WRomDHeOcmbZYxPxsP9jBT3Q1+TxWTbAA970nds4xyR5Sk9TQg4IwYTA3dcun/B7uzAMrzZ354OvdHO3peenDi21ypt4WlRzWqWh/jGwd3v0eXhrxR7wjOTM3mW8dfIG9VwrYHrGmvOvKnweDyf34oyAdb4t3SlggMXsuSkdivPlFOeoh6Bfrw== ;{id = 52716} cdn.broadcom.com. 3418 IN CNAME www.broadcom.com.cdn.cloudflare.net. cdn.broadcom.com. 3418 IN RRSIG CNAME 8 3 3600 20210401224511 20210328223250 52716 broadcom.com. F3QWF0hmxtfBm99RXGkG/Sf9MYrNi8qK3oR5f+FZCsOtD/rzFjR7YMJW56y7lH8tFzLnpLKTtTasXfcdKBlUKmbvMJHUEagh6cQqoXpUpBBlk4fCr7JvI/7Sxgm0vxrLDv8m6njtfLsRYG63EG8arnRf4De2VhIaomDrJOmaTpYZMMTSetcHd+F3wjNRHx4H0YVz+i1z571mlrfY59J9xzQZwhcK4YhZbrERRyRTwDxOy3lmeCJPJ42u2qM0Gi90mtU6mRbq5uxgDLiSLVuceL9E7Ot28Y4Yz+H9LOshlOMFRH8KTzWBWMU5YlgUj0TOC90yk0FbUqxhA0JCRCbyJg== ;{id = 52716} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 701
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: signer is broadcom.com. TYPE0 CLASS0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator classification cname
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: val handle processing q with state VAL_INIT_STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator: nextmodule returned
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: validator operate: query www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: mesh_run: iterator module exit state is module_finished
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: prepending 2 rrsets
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: finishing processing for www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state FINISHED RESPONSE STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: returning answer from cache.
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: msg ttl is 118, prefetch ttl 88
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: www.broadcom.com.cdn.cloudflare.net. IN A ;; ANSWER SECTION: www.broadcom.com.cdn.cloudflare.net. 118 IN A 104.18.5.158 www.broadcom.com.cdn.cloudflare.net. 118 IN A 104.18.4.158 www.broadcom.com.cdn.cloudflare.net. 118 IN RRSIG A 13 6 300 20210330003409 20210327223409 34505 cloudflare.net. FyGO+ud5OlsfNVK9CKTpOPUQhUzOBLnWWCI+ZWS5kJ9TiRXg3m4Q9N1uOTAVFiOZRkpN+iDk4GO2mFOqLcN6vQ== ;{id = 34505} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 195
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: request has dependency depth of 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: resolving www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state INIT REQUEST STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: returning CNAME response from cache
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: msg ttl is 3418, prefetch ttl 3077
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: cdn.broadcom.com. IN A ;; ANSWER SECTION: cdn.broadcom.com. 3418 IN CNAME www.broadcom.com.cdn.cloudflare.net. cdn.broadcom.com. 3418 IN RRSIG CNAME 8 3 3600 20210401224511 20210328223250 52716 broadcom.com. F3QWF0hmxtfBm99RXGkG/Sf9MYrNi8qK3oR5f+FZCsOtD/rzFjR7YMJW56y7lH8tFzLnpLKTtTasXfcdKBlUKmbvMJHUEagh6cQqoXpUpBBlk4fCr7JvI/7Sxgm0vxrLDv8m6njtfLsRYG63EG8arnRf4De2VhIaomDrJOmaTpYZMMTSetcHd+F3wjNRHx4H0YVz+i1z571mlrfY59J9xzQZwhcK4YhZbrERRyRTwDxOy3lmeCJPJ42u2qM0Gi90mtU6mRbq5uxgDLiSLVuceL9E7Ot28Y4Yz+H9LOshlOMFRH8KTzWBWMU5YlgUj0TOC90yk0FbUqxhA0JCRCbyJg== ;{id = 52716} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 383
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: request has dependency depth of 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: resolving www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state INIT REQUEST STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: returning CNAME response from cache
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: msg ttl is 118, prefetch ttl 107
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: www.broadcom.com. IN A ;; ANSWER SECTION: www.broadcom.com. 118 IN CNAME cdn.broadcom.com. www.broadcom.com. 118 IN RRSIG CNAME 8 3 300 20210401002028 20210328001713 52716 broadcom.com. jOYNUiqp5tpM7Wy8obuKKFVa4YSWFWM7kebthvnTIMwe2ASP7jPQLKMDOIdedQIB146zzeo1eJulF01ZR8Sr6iT8BfN2BIbXK4ymtAZyyGRvy4NmxLpZbqfWmCm0+TZqbtCfvVYKOm8ZRkupu4sShCddi6u0RZa1WRomDHeOcmbZYxPxsP9jBT3Q1+TxWTbAA970nds4xyR5Sk9TQg4IwYTA3dcun/B7uzAMrzZ354OvdHO3peenDi21ypt4WlRzWqWh/jGwd3v0eXhrxR7wjOTM3mW8dfIG9VwrYHrGmvOvKnweDyf34oyAdb4t3SlggMXsuSkdivPlFOeoh6Bfrw== ;{id = 52716} ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 352
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: request has dependency depth of 0
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: resolving www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iter_handle processing q with state INIT REQUEST STATE
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: process_request: new external request event
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: mesh_run: validator module exit state is module_wait_module
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator: pass to next module
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: validator operate: query www.broadcom.com. A IN
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: mesh_run: start
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: udp request from ip4 127.0.0.1 port 44131 (len 16)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: answer from the cache failed
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: 127.0.0.1 www.broadcom.com. A IN 
      

      I see the lines repeated several times:

      Mar 29 01:37:11 	unbound 	56883 	[56883:0] info: error sending query to auth server ip6 2610:a1:1022::100 port 53 (len 28)
      Mar 29 01:37:11 	unbound 	56883 	[56883:0] debug: Need to send query but have no outgoing interfaces of that family
      

      Could the issue somehow be IPv6 related? Since my ISP doesn't deliver IPv6?
      Other times I get this result:

      [2.5.0-RELEASE][root@slottet.doff1]/root: dig www.broadcom.com
      
      ; <<>> DiG 9.16.12 <<>> www.broadcom.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64916
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;www.broadcom.com.              IN      A
      
      ;; Query time: 0 msec
      ;; SERVER: 127.0.0.1#53(127.0.0.1)
      ;; WHEN: Mon Mar 29 01:35:15 CEST 2021
      ;; MSG SIZE  rcvd: 45
      
      [2.5.0-RELEASE][root@slottet.doff1]/root:
      

      It's missing the 'ad' flag!
      With this in the log:

      Mar 29 01:35:16 	unbound 	56883 	[56883:1] debug: close fd 43
      Mar 29 01:35:16 	unbound 	56883 	[56883:1] debug: comm_point_close of 43: event_del
      Mar 29 01:35:16 	unbound 	56883 	[56883:1] debug: tcp took too long, dropped
      Mar 29 01:35:15 	unbound 	56883 	[56883:0] info: 127.0.0.1 www.broadcom.com. A IN SERVFAIL 0.000000 1 45
      Mar 29 01:35:15 	unbound 	56883 	[56883:0] info: 127.0.0.1 www.broadcom.com. A IN 
      

      I find this quite puzzling!
      For reference, checking with Google I get the same result as you:

      [2.5.0-RELEASE][root@slottet.doff1]/root: dig @8.8.8.8 www.broadcom.com
      
      ; <<>> DiG 9.16.12 <<>> @8.8.8.8 www.broadcom.com
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49208
      ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 512
      ;; QUESTION SECTION:
      ;www.broadcom.com.              IN      A
      
      ;; ANSWER SECTION:
      www.broadcom.com.       299     IN      CNAME   cdn.broadcom.com.
      cdn.broadcom.com.       3599    IN      CNAME   www.broadcom.com.cdn.cloudflare.net.
      www.broadcom.com.cdn.cloudflare.net. 299 IN A   104.18.4.158
      www.broadcom.com.cdn.cloudflare.net. 299 IN A   104.18.5.158
      
      ;; Query time: 58 msec
      ;; SERVER: 8.8.8.8#53(8.8.8.8)
      ;; WHEN: Mon Mar 29 02:02:18 CEST 2021
      ;; MSG SIZE  rcvd: 144
      
      [2.5.0-RELEASE][root@slottet.doff1]/root:
      

      I can't find anything in the log for this, but I guess it's because Google resolved the address, and not my resolver.

      Could this be an ipv6 related issue? Maybe a configuration fault on my side?

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @stoffix
        last edited by johnpoz

        @stoffix said in Sporadic dns issue related to DNSSEC:

        Could this be an ipv6 related issue? maybe a configuration fault on my side?

        If you have no IPv6 - why would it even try to talk to an IPv6 server?

        You could try setting
        do-ip6: no

        In your options box.. But it shouldn't even try if you don't have ipv6 on your wan..

        Mar 29 01:37:11 unbound 56883 [56883:0] debug: Need to send query but have no outgoing interfaces of that family

        That makes no sense to me - unless all you got back for some NS was an AAAA

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • GertjanG
          Gertjan @johnpoz
          last edited by

          First things first : I just generated a new 'DNSSEC' report, as the latest on dnsviz.net was 3 months old :

          https://dnsviz.net/d/broadcom.com/YGFlsg/dnssec/

          which doesn't show a nice clean result.

          @stoffix said in Sporadic dns issue related to DNSSEC:

          ;; connection timed out; no servers could be reached

          unbound getting restarted by an incoming DHCP lease ?

          Check the resolver log : how many times it restarts per day ? hour ? minute ?
          Just to be sure, uncheck :

          35e86b74-73dc-472d-856e-c01e79e7e5de-image.png

          Btw : I did a new test on dnsviz.net, 2 minutes later.
          https://dnsviz.net/d/broadcom.com/YGFoPg/dnssec/
          This time : no red 'fatal' error messages - just 4 warnings. Looks like they are in the middle of some KSK shift.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Gertjan
            last edited by

            @gertjan said in Sporadic dns issue related to DNSSEC:

            latest on dnsviz.net was 3 months old :

            No because I updated it when I did it - so not sure how that was possible.

            But yeah failure to talk to someone is not a dnssec failure..

            • S
              stoffix @Gertjan
              last edited by

              @gertjan
              dhcp registration was on, I've turned it off last night.
              At the moment the log fills so quickly I can't see how often it restarted, but it's off now anyway. Thanks.

              my options box now reads:

              server:
              log-queries: yes
              log-replies: yes
              do-ip6: no
              

              My wan is a pppoe, and I don't have a public ipv6 address. I checked the interface status page and for my wan it shows a link-local ipv6, maybe that's why the resolver was trying ipv6 as well?
              For now dig only seems to show a timeout checking www.broadcom.com
              I got some more detailed logs from the resolver in the attached file: log.txt
              It's too large to write it in the post.

              Some entries look interesting:

              Mar 29 14:57:01 	unbound 	99799 	[99799:1] debug: Cache reply: unchecked entry needs validation
              
              Mar 29 14:56:56 	unbound 	99799 	[99799:1] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 239 recursion replies sent, 0 replies dropped, 0 states jostled out
              Mar 29 14:56:56 	unbound 	99799 	[99799:1] debug: mesh_run: iterator module exit state is module_wait_reply
              
              Mar 29 14:56:56 	unbound 	99799 	[99799:1] debug: timeout udp
              
              Mar 29 14:57:00 	unbound 	99799 	[99799:1] debug: query response was timeout
              
              Mar 29 14:57:11 	unbound 	99799 	[99799:1] debug: out of query targets -- returning SERVFAIL
              
              Mar 29 14:57:42 	unbound 	99799 	[99799:1] info: Missing DNSKEY RRset in response to DNSKEY query.
              
              Mar 29 14:57:42 	unbound 	99799 	[99799:1] debug: not validating response, is valrec(validation recursion lookup)
              

              And the responses I see in the log don't show the 'ad' flag either.
              If I should guess it looks like unbound is unable to validate (dnssec) www.broadcom.com by not getting some query responses, and therefore times out while waiting for said responses. It looks like unbound keeps trying for a little while after dig gives up - not that it makes a difference.

              Could there be an ipv4 specific issue somewhere?
              Or maybe a "geographical" issue? (I'm located in northern Norway)

              • johnpozJ
                johnpoz LAYER 8 Global Moderator @stoffix
                last edited by johnpoz

                @stoffix said in Sporadic dns issue related to DNSSEC:

                Or maybe a "geographical" issue?

                Possible - when you resolve you have to talk to the authoritative nameservers for a domain or tld, etc. So yeah it's possible that isp peering issues, or just geographic issues related to latency could cause pain in resolving.

                So if unbound has issues talking to specific NS returned, then it should try not to talk to those and choose more the NS with better response times, etc. But if your cache was clearing all the time because of unbound restarts.. Then it wouldn't know which ns it was having issues with, etc.

                Now that you have unbound not restarting all the time, see if you settle down for resolving that fqdn.. You can always look up details of how a specific fqdn would be looked up.

                [21.02-RELEASE][admin@sg4860.local.lan]/: unbound-control -c /var/unbound/unbound.conf lookup www.broadcom.com
                The following name servers are used for lookup of www.broadcom.com.
                ;rrset 7932 13 0 2 0
                com.    7932    IN      NS      a.gtld-servers.net.
                com.    7932    IN      NS      b.gtld-servers.net.
                com.    7932    IN      NS      c.gtld-servers.net.
                com.    7932    IN      NS      d.gtld-servers.net.
                com.    7932    IN      NS      e.gtld-servers.net.
                com.    7932    IN      NS      f.gtld-servers.net.
                com.    7932    IN      NS      g.gtld-servers.net.
                com.    7932    IN      NS      h.gtld-servers.net.
                com.    7932    IN      NS      i.gtld-servers.net.
                com.    7932    IN      NS      j.gtld-servers.net.
                com.    7932    IN      NS      k.gtld-servers.net.
                com.    7932    IN      NS      l.gtld-servers.net.
                com.    7932    IN      NS      m.gtld-servers.net.
                ;rrset 7932 1 1 11 5
                com.    7932    IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
                com.    7932    IN      RRSIG   DS 8 1 86400 20210410050000 20210328040000 42351 . jHnh+pTanx1cXVQCLOzD1VMZ/aDZYQWIN6mGvldH233rd5wBXvrHFA7la5osDjKb12bETey69jObKgCeEIKx5eq3ILxlKRBMcKdrl/GFjjobuFZHxvSlUbjzUhy0YIUx5d9mNBrpDdiCoOx8870VbKCub22VN5SE2td0Iz3Sbz4RP382hFq2xylU6TrEnIYduXDA6pr7uFs8ItjXmZKgMkFSZbDAERIpjBbUYYoWReREol9PoQOm/0Pku9ohOvVzubNtRtVqAcQ2YC0iPQjy/cY4At7GfDYm20bBI26M9j2MHKmXWbkjBUp822YN2NPc30YZfcJiMLazJuPQmCQQuA== ;{id = 42351}
                ;rrset 7932 1 0 1 0
                m.gtld-servers.net.     7932    IN      A       192.55.83.30
                ;rrset 7932 1 0 1 0
                m.gtld-servers.net.     7932    IN      AAAA    2001:501:b1f9::30
                ;rrset 7932 1 0 1 0
                l.gtld-servers.net.     7932    IN      A       192.41.162.30
                ;rrset 7932 1 0 1 0
                l.gtld-servers.net.     7932    IN      AAAA    2001:500:d937::30
                ;rrset 7932 1 0 1 0
                k.gtld-servers.net.     7932    IN      A       192.52.178.30
                ;rrset 7932 1 0 1 0
                k.gtld-servers.net.     7932    IN      AAAA    2001:503:d2d::30
                ;rrset 7932 1 0 1 0
                j.gtld-servers.net.     7932    IN      A       192.48.79.30
                ;rrset 7932 1 0 1 0
                j.gtld-servers.net.     7932    IN      AAAA    2001:502:7094::30
                ;rrset 7932 1 0 1 0
                i.gtld-servers.net.     7932    IN      A       192.43.172.30
                ;rrset 7932 1 0 1 0
                i.gtld-servers.net.     7932    IN      AAAA    2001:503:39c1::30
                ;rrset 7932 1 0 1 0
                h.gtld-servers.net.     7932    IN      A       192.54.112.30
                ;rrset 7932 1 0 1 0
                h.gtld-servers.net.     7932    IN      AAAA    2001:502:8cc::30
                ;rrset 7932 1 0 1 0
                g.gtld-servers.net.     7932    IN      A       192.42.93.30
                ;rrset 7932 1 0 1 0
                g.gtld-servers.net.     7932    IN      AAAA    2001:503:eea3::30
                ;rrset 7932 1 0 1 0
                f.gtld-servers.net.     7932    IN      A       192.35.51.30
                ;rrset 7932 1 0 1 0
                f.gtld-servers.net.     7932    IN      AAAA    2001:503:d414::30
                ;rrset 7932 1 0 1 0
                e.gtld-servers.net.     7932    IN      A       192.12.94.30
                ;rrset 7932 1 0 1 0
                e.gtld-servers.net.     7932    IN      AAAA    2001:502:1ca1::30
                ;rrset 7932 1 0 1 0
                d.gtld-servers.net.     7932    IN      A       192.31.80.30
                ;rrset 7932 1 0 1 0
                d.gtld-servers.net.     7932    IN      AAAA    2001:500:856e::30
                ;rrset 7932 1 0 1 0
                c.gtld-servers.net.     7932    IN      A       192.26.92.30
                ;rrset 7932 1 0 1 0
                c.gtld-servers.net.     7932    IN      AAAA    2001:503:83eb::30
                ;rrset 7932 1 0 1 0
                b.gtld-servers.net.     7932    IN      A       192.33.14.30
                ;rrset 7932 1 0 1 0
                b.gtld-servers.net.     7932    IN      AAAA    2001:503:231d::2:30
                ;rrset 7932 1 0 1 0
                a.gtld-servers.net.     7932    IN      A       192.5.6.30
                ;rrset 7932 1 0 1 0
                a.gtld-servers.net.     7932    IN      AAAA    2001:503:a83e::2:30
                Delegation with 13 names, of which 0 can be examined to query further addresses.
                It provides 26 IP addresses.
                2001:503:a83e::2:30     not in infra cache.
                192.5.6.30              expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2001:503:231d::2:30     not in infra cache.
                192.33.14.30            expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2001:503:83eb::30       not in infra cache.
                192.26.92.30            expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2001:500:856e::30       not in infra cache.
                192.31.80.30            rto 320 msec, ttl 717, ping 4 var 79 rtt 320, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
                2001:502:1ca1::30       not in infra cache.
                192.12.94.30            not in infra cache.
                2001:503:d414::30       not in infra cache.
                192.35.51.30            not in infra cache.
                2001:503:eea3::30       not in infra cache.
                192.42.93.30            not in infra cache.
                2001:502:8cc::30        not in infra cache.
                192.54.112.30           not in infra cache.
                2001:503:39c1::30       not in infra cache.
                192.43.172.30           not in infra cache.
                2001:502:7094::30       not in infra cache.
                192.48.79.30            not in infra cache.
                2001:503:d2d::30        not in infra cache.
                192.52.178.30           not in infra cache.
                2001:500:d937::30       not in infra cache.
                192.41.162.30           not in infra cache.
                2001:501:b1f9::30       not in infra cache.
                192.55.83.30            not in infra cache.
                [21.02-RELEASE][admin@sg4860.local.lan]/: 
                

                Keeping in mind that you have more than those to contend with because the cname points to cloudflare as well.

                [21.02-RELEASE][admin@sg4860.local.lan]/: unbound-control -c /var/unbound/unbound.conf lookup www.broadcom.com.cdn.cloudflare.net
                The following name servers are used for lookup of www.broadcom.com.cdn.cloudflare.net.
                ;rrset 14314 5 0 2 0
                cloudflare.net. 14314   IN      NS      ns1.cloudflare.net.
                cloudflare.net. 14314   IN      NS      ns2.cloudflare.net.
                cloudflare.net. 14314   IN      NS      ns3.cloudflare.net.
                cloudflare.net. 14314   IN      NS      ns4.cloudflare.net.
                cloudflare.net. 14314   IN      NS      ns5.cloudflare.net.
                ;rrset 14314 1 1 11 5
                cloudflare.net. 14314   IN      DS      2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
                cloudflare.net. 14314   IN      RRSIG   DS 8 2 86400 20210404052352 20210328041352 30944 net. JmDnk7yeQJZDVl5Fz1Ijo9tw7egwoRYaGP9kkwogFOkGUreJvF3LFocfKCnpAolV3692TrYCWoUVglgTm5Ye2KSAoEl8D7J58UTbczpeyncrNMjXe6E1WZBe02smwe6njOeRDM3mJBNt1AUVWNqMK4OMETYGyGPhs4QYUVFnzXK9ynxp+Be9YwMQJjyEfYO30uy6nL/hF9SYRrHTbf4QIQ== ;{id = 30944}
                ;rrset 14314 1 0 1 0
                ns5.cloudflare.net.     14314   IN      A       198.41.223.31
                ;rrset 14314 1 0 1 0
                ns5.cloudflare.net.     14314   IN      AAAA    2400:cb00:2049:1::c629:df1f
                ;rrset 14314 1 0 1 0
                ns4.cloudflare.net.     14314   IN      A       198.41.223.131
                ;rrset 14314 1 0 1 0
                ns4.cloudflare.net.     14314   IN      AAAA    2400:cb00:2049:1::c629:df83
                ;rrset 14314 1 0 1 0
                ns3.cloudflare.net.     14314   IN      A       198.41.222.31
                ;rrset 14314 1 0 1 0
                ns3.cloudflare.net.     14314   IN      AAAA    2400:cb00:2049:1::c629:de1f
                ;rrset 14314 1 0 1 0
                ns2.cloudflare.net.     14314   IN      A       198.41.222.131
                ;rrset 14314 1 0 1 0
                ns2.cloudflare.net.     14314   IN      AAAA    2400:cb00:2049:1::c629:de83
                ;rrset 14314 1 0 1 0
                ns1.cloudflare.net.     14314   IN      A       173.245.59.31
                ;rrset 14314 1 0 1 0
                ns1.cloudflare.net.     14314   IN      AAAA    2400:cb00:2049:1::adf5:3b1f
                Delegation with 5 names, of which 0 can be examined to query further addresses.
                It provides 10 IP addresses.
                2400:cb00:2049:1::adf5:3b1f     not in infra cache.
                173.245.59.31           expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2400:cb00:2049:1::c629:de83     not in infra cache.
                198.41.222.131          expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2400:cb00:2049:1::c629:de1f     not in infra cache.
                198.41.222.31           expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2400:cb00:2049:1::c629:df83     not in infra cache.
                198.41.223.131          expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                2400:cb00:2049:1::c629:df1f     not in infra cache.
                198.41.223.31           expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                [21.02-RELEASE][admin@sg4860.local.lan]/: 
                

                BTW - you might notice I have no ipv6 ns in the infra cache, because I have no-ip6 set as well.. Was playing with that from another thread a couple days back.. And hadn't yet removed it..

                • S
                  stoffix @johnpoz
                  last edited by

                  It's interesting that you have no-ip6 set as well, since we shouldn't perceive any difference then.

                  When I look up the cloudflare fqdn it's almost letter by letter the same as yours:

                  [2.5.0-RELEASE][root@slottet.doff1]/root: unbound-control -c /var/unbound/unbound.conf lookup www.broadcom.com.cdn.cloudflare.net
                  The following name servers are used for lookup of www.broadcom.com.cdn.cloudflare.net.
                  ;rrset 82086 5 0 2 0
                  cloudflare.net. 82086   IN      NS      ns1.cloudflare.net.
                  cloudflare.net. 82086   IN      NS      ns2.cloudflare.net.
                  cloudflare.net. 82086   IN      NS      ns3.cloudflare.net.
                  cloudflare.net. 82086   IN      NS      ns4.cloudflare.net.
                  cloudflare.net. 82086   IN      NS      ns5.cloudflare.net.
                  ;rrset 82086 1 1 11 5
                  cloudflare.net. 82086   IN      DS      2371 13 2 90F710A107DA51ED78125D30A68704CF3C0308AFD01BFCD7057D4BD03B62C68B
                  cloudflare.net. 82086   IN      RRSIG   DS 8 2 86400 20210404052352 20210328041352 30944 net. JmDnk7yeQJZDVl5Fz1Ijo9tw7egwoRYaGP9kkwogFOkGUreJvF3LFocfKCnpAolV3692TrYCWo                                  UVglgTm5Ye2KSAoEl8D7J58UTbczpeyncrNMjXe6E1WZBe02smwe6njOeRDM3mJBNt1AUVWNqMK4OMETYGyGPhs4QYUVFnzXK9ynxp+Be9YwMQJjyEfYO30uy6nL/hF9SYRrHTbf4QIQ== ;{id = 30944}
                  ;rrset 82086 1 0 1 0
                  ns5.cloudflare.net.     82086   IN      A       198.41.223.31
                  ;rrset 82086 1 0 1 0
                  ns5.cloudflare.net.     82086   IN      AAAA    2400:cb00:2049:1::c629:df1f
                  ;rrset 82086 1 0 1 0
                  ns4.cloudflare.net.     82086   IN      A       198.41.223.131
                  ;rrset 82086 1 0 1 0
                  ns4.cloudflare.net.     82086   IN      AAAA    2400:cb00:2049:1::c629:df83
                  ;rrset 82086 1 0 1 0
                  ns3.cloudflare.net.     82086   IN      A       198.41.222.31
                  ;rrset 82086 1 0 1 0
                  ns3.cloudflare.net.     82086   IN      AAAA    2400:cb00:2049:1::c629:de1f
                  ;rrset 82086 1 0 1 0
                  ns2.cloudflare.net.     82086   IN      A       198.41.222.131
                  ;rrset 82086 1 0 1 0
                  ns2.cloudflare.net.     82086   IN      AAAA    2400:cb00:2049:1::c629:de83
                  ;rrset 82086 1 0 1 0
                  ns1.cloudflare.net.     82086   IN      A       173.245.59.31
                  ;rrset 82086 1 0 1 0
                  ns1.cloudflare.net.     82086   IN      AAAA    2400:cb00:2049:1::adf5:3b1f
                  Delegation with 5 names, of which 0 can be examined to query further addresses.
                  It provides 10 IP addresses.
                  2400:cb00:2049:1::adf5:3b1f     not in infra cache.
                  173.245.59.31           not in infra cache.
                  2400:cb00:2049:1::c629:de83     not in infra cache.
                  198.41.222.131          expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
                  2400:cb00:2049:1::c629:de1f     not in infra cache.
                  198.41.222.31           rto 233 msec, ttl 553, ping 9 var 56 rtt 233, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
                  2400:cb00:2049:1::c629:df83     not in infra cache.
                  198.41.223.131          rto 315 msec, ttl 553, ping 3 var 78 rtt 315, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
                  2400:cb00:2049:1::c629:df1f     not in infra cache.
                  198.41.223.31           rto 271 msec, ttl 553, ping 7 var 66 rtt 271, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
                  [2.5.0-RELEASE][root@slottet.doff1]/root:
                  

                  For broadcom.com I only get two nameservers, and they're different than yours:

                  [2.5.0-RELEASE][root@slottet.doff1]/root: unbound-control -c /var/unbound/unbound.conf lookup www.broadcom.com
                  The following name servers are used for lookup of www.broadcom.com.
                  ;rrset 86355 2 0 2 0
                  broadcom.com.   86355   IN      NS      pdns1.cscdns.net.
                  broadcom.com.   86355   IN      NS      pdns2.cscdns.net.
                  ;rrset 86355 2 1 11 5
                  broadcom.com.   86355   IN      DS      61210 8 1 6F0A9DF17ED6E1F31F2F184A038AF07D2D7DDF97
                  broadcom.com.   86355   IN      DS      61210 8 2 7A97793031AC4256DAEE3DCAC603519C4BE1283690CDA1636A5DC6CB27F2F188
                  broadcom.com.   86355   IN      RRSIG   DS 8 2 86400 20210402044422 20210326033422 58540 com. PYny3W5dKW0diYul/Rv1lUv6s60MdPIan2Fa2+DWFqBtYmAseik7/aPHdhTJoAxU3I1JtTT5uNEwpcAYrhL3giFj2ajJ9XQN95uXjlYpMdbm7Yhqw6YSi6myqLAGnxJP+EUV8DTf9xEDUF8hN9PeFIJ8Qa26Hw4iZWMs93p0dP8GP7PxpwHMG0sQviG3+LkPTrT6GJPHCXSyz2b94bwLeg== ;{id = 58540}
                  ;rrset 14355 1 0 8 0
                  pdns2.cscdns.net.       14355   IN      A       156.154.131.100
                  ;rrset 14355 1 0 8 0
                  pdns1.cscdns.net.       14355   IN      A       156.154.130.100
                  Delegation with 2 names, of which 2 can be examined to query further addresses.
                  It provides 2 IP addresses.
                  156.154.130.100         rto 119000 msec, ttl 855, ping 13 var 79 rtt 329, tA 0, tAAAA 0, tother 3, probedelay 21, EDNS 0 probed.
                  156.154.131.100         rto 119000 msec, ttl 856, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 3, probedelay 12, EDNS 0 assumed.
                  [2.5.0-RELEASE][root@slottet.doff1]/root:
                  

                  With DNSSEC disabled I get this:

                  [2.5.0-RELEASE][root@slottet.doff1]/root: dig www.broadcom.com
                  
                  ; <<>> DiG 9.16.12 <<>> www.broadcom.com
                  ;; global options: +cmd
                  ;; Got answer:
                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47615
                  ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
                  
                  ;; OPT PSEUDOSECTION:
                  ; EDNS: version: 0, flags:; udp: 4096
                  ;; QUESTION SECTION:
                  ;www.broadcom.com.              IN      A
                  
                  ;; ANSWER SECTION:
                  www.broadcom.com.       94      IN      CNAME   cdn.broadcom.com.
                  cdn.broadcom.com.       3394    IN      CNAME   www.broadcom.com.cdn.cloudflare.net.
                  www.broadcom.com.cdn.cloudflare.net. 94 IN A    104.18.5.158
                  www.broadcom.com.cdn.cloudflare.net. 94 IN A    104.18.4.158
                  
                  ;; Query time: 0 msec
                  ;; SERVER: 127.0.0.1#53(127.0.0.1)
                  ;; WHEN: Mon Mar 29 17:16:39 CEST 2021
                  ;; MSG SIZE  rcvd: 144
                  
                  [2.5.0-RELEASE][root@slottet.doff1]/root: unbound-control -c /var/unbound/unbound.conf lookup www.broadcom.com
                  The following name servers are used for lookup of www.broadcom.com.
                  ;rrset 85586 2 0 2 0
                  broadcom.com.   85586   IN      NS      pdns1.cscdns.net.
                  broadcom.com.   85586   IN      NS      pdns2.cscdns.net.
                  ;rrset 85586 2 1 2 0
                  broadcom.com.   85586   IN      DS      61210 8 1 6F0A9DF17ED6E1F31F2F184A038AF07D2D7DDF97
                  broadcom.com.   85586   IN      DS      61210 8 2 7A97793031AC4256DAEE3DCAC603519C4BE1283690CDA1636A5DC6CB27F2F188
                  broadcom.com.   85586   IN      RRSIG   DS 8 2 86400 20210402044422 20210326033422 58540 com. PYny3W5dKW0diYul/Rv1lUv6s60MdPIan2Fa2+DWFqBtYmAseik7/aPHdhTJoAxU3I1JtTT5uNEwpcAYrhL3giFj2ajJ9XQN95uXjlYpMdbm7Yhqw6YSi6myqLAGnxJP+EUV8DTf9xEDUF8hN9PeFIJ8Qa26Hw4iZWMs93p0dP8GP7PxpwHMG0sQviG3+LkPTrT6GJPHCXSyz2b94bwLeg== ;{id = 58540}
                  ;rrset 13587 1 0 8 0
                  pdns2.cscdns.net.       13587   IN      A       156.154.131.100
                  ;rrset 13587 1 0 8 0
                  pdns1.cscdns.net.       13587   IN      A       156.154.130.100
                  Delegation with 2 names, of which 2 can be examined to query further addresses.
                  It provides 2 IP addresses.
                  156.154.130.100         rto 307 msec, ttl 87, ping 11 var 74 rtt 307, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
                  156.154.131.100         not in infra cache.
                  
                  [2.5.0-RELEASE][root@slottet.doff1]/root:
                  

                  The only differences I notice between dnssec support enabled/disabled is some of the rrset digits are different.
                  Could it be an issue with "my" nameservers?

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @stoffix
                    last edited by johnpoz

                    Ah you had them cached, mine didn't so it just listed the NS it knew about that it would need to talk to to look that up.. Once I actually did a query for it, then the actual ns would be listed.

                    [21.02-RELEASE][admin@sg4860.local.lan]/: unbound-control -c /var/unbound/unbound.conf lookup www.broadcom.com
                    The following name servers are used for lookup of www.broadcom.com.
                    ;rrset 86396 2 0 2 0
                    broadcom.com.   86396   IN      NS      pdns1.cscdns.net.
                    broadcom.com.   86396   IN      NS      pdns2.cscdns.net.
                    ;rrset 86396 2 1 11 5
                    broadcom.com.   86396   IN      DS      61210 8 1 6F0A9DF17ED6E1F31F2F184A038AF07D2D7DDF97
                    broadcom.com.   86396   IN      DS      61210 8 2 7A97793031AC4256DAEE3DCAC603519C4BE1283690CDA1636A5DC6CB27F2F188
                    broadcom.com.   86396   IN      RRSIG   DS 8 2 86400 20210402044422 20210326033422 58540 com. PYny3W5dKW0diYul/Rv1lUv6s60MdPIan2Fa2+DWFqBtYmAseik7/aPHdhTJoAxU3I1JtTT5uNEwpcAYrhL3giFj2ajJ9XQN95uXjlYpMdbm7Yhqw6YSi6myqLAGnxJP+EUV8DTf9xEDUF8hN9PeFIJ8Qa26Hw4iZWMs93p0dP8GP7PxpwHMG0sQviG3+LkPTrT6GJPHCXSyz2b94bwLeg== ;{id = 58540}
                    ;rrset 14396 1 0 8 0
                    pdns2.cscdns.net.       14396   IN      A       156.154.131.100
                    ;rrset 14396 1 0 8 0
                    pdns1.cscdns.net.       14396   IN      A       156.154.130.100
                    Delegation with 2 names, of which 2 can be examined to query further addresses.
                    It provides 2 IP addresses.
                    156.154.130.100         rto 191 msec, ttl 896, ping 3 var 47 rtt 191, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
                    156.154.131.100         not in infra cache.
                    [21.02-RELEASE][admin@sg4860.local.lan]/: 
                    

                    Your "tother 3" could point to time outs for other records, ie your dnssec stuff..

                    • S
                      stoffix
                      last edited by

                      I (spending way too much time) found out "tother 3" means timeout other and 3 is the maximum value.

                      I guess there's not much more to do/find out about this. If the problem escalates I'll just have to turn off DNSSEC, at least now I know where to look.

                      Thank you for all your help!

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @stoffix
                        last edited by

                        tA and tAAAA and tother should all be zeros.. If they are not - then you're having problems talking to that NS.. either network issues, or it just sucks as a NS and isn't answering.


                        S 1 Reply Last reply Reply Quote 0
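Added example (not posted by anyone in this thread, and not pfSense or unbound code): a small Python triage of the per-address infra cache lines that `unbound-control lookup` prints, applying the rule above that tA, tAAAA and tother should all be zero. The sample lines are copied from the outputs in this thread; the function names and the `rto_factor` threshold (flag an rto far above the measured rtt) are assumptions made for this example.

```python
import ipaddress
import re

# Infra cache lines copied from the `unbound-control lookup` outputs in this thread.
SAMPLE = """\
Delegation with 2 names, of which 2 can be examined to query further addresses.
It provides 2 IP addresses.
156.154.130.100         rto 119000 msec, ttl 855, ping 13 var 79 rtt 329, tA 0, tAAAA 0, tother 3, probedelay 21, EDNS 0 probed.
156.154.131.100         rto 119000 msec, ttl 856, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 3, probedelay 12, EDNS 0 assumed.
198.41.222.31           rto 233 msec, ttl 553, ping 9 var 56 rtt 233, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
198.41.222.131          expired, rto 3390592 msec, tA 0 tAAAA 0 tother 0.
2400:cb00:2049:1::c629:de83     not in infra cache.
"""

# "name number" pairs as they appear on an infra cache line.
FIELD_RE = re.compile(
    r"\b(rto|ttl|ping|var|rtt|tA|tAAAA|tother|probedelay)\s+(\d+)"
)

TIMEOUT_COUNTERS = ("tA", "tAAAA", "tother")


def parse_infra_line(line):
    """Return a dict for a per-address infra cache line, or None for any other line."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    addr, rest = parts
    try:
        # Only lines that start with an IPv4/IPv6 literal are infra cache lines;
        # this skips rrset records, prompts and the "Delegation with ..." summary.
        ipaddress.ip_address(addr)
    except ValueError:
        return None
    rest = rest.strip()
    if rest.startswith("not in infra cache"):
        state = "uncached"
    elif rest.startswith("expired"):
        state = "expired"
    else:
        state = "live"
    fields = {name: int(value) for name, value in FIELD_RE.findall(rest)}
    return {"addr": addr, "state": state, **fields}


def triage(text, rto_factor=10):
    """List (address, reasons) for live entries that look unhealthy.

    Reasons: a nonzero timeout counter (the rule stated in the thread), or,
    as a heuristic assumed for this example, an rto more than rto_factor
    times the measured rtt.
    """
    findings = []
    for line in text.splitlines():
        entry = parse_infra_line(line)
        if entry is None or entry["state"] != "live":
            continue  # expired and uncached entries carry no current measurements
        reasons = [
            f"{name}={entry[name]}"
            for name in TIMEOUT_COUNTERS
            if entry.get(name, 0) > 0
        ]
        rto, rtt = entry.get("rto"), entry.get("rtt")
        if rto and rtt and rto > rto_factor * rtt:
            reasons.append(f"rto {rto} ms vs rtt {rtt} ms")
        if reasons:
            findings.append((entry["addr"], reasons))
    return findings


if __name__ == "__main__":
    for addr, reasons in triage(SAMPLE):
        print(f"{addr}: {'; '.join(reasons)}")
```

To check a live resolver, pass the saved output of the `unbound-control -c /var/unbound/unbound.conf lookup <name>` command shown earlier to `triage()` instead of `SAMPLE`.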
                        • S
                          stoffix @johnpoz
                          last edited by

                          Hopefully it just sucks as a NS, since it works without DNSSEC and I don't want network issues!
                          It's been a great learning experience. For now I keep DNSSEC on, and have an exception for broadcom and turned off ipv6 in unbound as you suggested.

                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator @stoffix
                            last edited by

                            Them pointing cname to cname isn't best practice either. While it's allowed - it causes extra lookups..

                            ;; QUESTION SECTION:
                            ;www.broadcom.com.              IN      A
                            
                            ;; ANSWER SECTION:
                            www.broadcom.com.       300     IN      CNAME   cdn.broadcom.com.
                            cdn.broadcom.com.       3600    IN      CNAME   www.broadcom.com.cdn.cloudflare.net.
                            

                            If they want www.broadcom.com to point to www.broadcom.com.cdn.cloudflare.net.

                            Then they should just do that, but they are pointing to cdn.broadcom.com first, which then points to the cloudflare.net cname..

                            It's not efficient to do that.. Just causes extra work..
