SOLVED: postbank.de / dslbank.de

Bjørn Mork bjorn at mork.no
Wed Feb 3 18:33:57 CET 2016 

Benny Pedersen <me at junc.eu> writes:
> On 2016-02-03 07:26, Andreas Schulze wrote:
>
>>> i dont use unbound
>>
>> a feature in unbound called "" was the reason
>> we now add an exeption to unbound and get also NXDOMAIN
>> see
>> https://unbound.net/pipermail/unbound-users/2016-February/004192.html
>>
>> unbound.conf:
>> 	server: caps-whitelist: postbank.de
>>
>> (require unbound-1.5.4 or newer)
>
> another reason for not using unbound ?

The bug in the postbank.de servers will cause SERVFAIL with *any* DNSSEC
validator unless you are careful to keep the query lower case only.  You
can easily verify this yourself.  Simply query your validating resolver
for a non-existing name in postbank.de, capitalizing one or ore
characters in the query:

bjorn at nemi:~$ dig ns5.Postbank.de

; <<>> DiG 9.9.5-9+deb8u5-Debian <<>> ns5.Postbank.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48848
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns5.Postbank.de.               IN      A

;; Query time: 1278 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 03 18:27:13 CET 2016
;; MSG SIZE  rcvd: 44



No unbound involved here:

bjorn at nemi:~$ dig version.bind txt chaos

; <<>> DiG 9.9.5-9+deb8u5-Debian <<>> version.bind txt chaos
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44913
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.9.5-9+deb8u5-Debian"

;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 03 18:29:22 CET 2016
;; MSG SIZE  rcvd: 89



Bjørn

More information about the dane-users mailing list