TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Server fail due to incorrect DNSSEC failure #936

Closed MVlaar-GH closed 4 weeks ago

MVlaar-GH commented 4 weeks ago

I'm running 12.1 on Docker with very tight firewall settings. Most DNS queries work but some fail; the server logs claim there are DNSSEC signature failures, but sites like dnssec-debugger.verisignlabs.co and dnsviz.net do not see any issues with DNSSEC. Affected sites:

Technical data:

Log:

[2024-05-28 10:29:09 UTC] DNS Server failed to resolve the request 'app.socialschools.eu. AAAA IN' using forwarders: 1.1.1.1:853, 1.0.0.1:853.
TechnitiumLibrary.Net.Dns.DnsClientResponseDnssecValidationException: DNSSEC validation failed due to invalid signature [SignatureExpired] for owner name: socialschools.eu/SOA
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateSignatureAsync(DnsDatagram response, IReadOnlyList`1 records, IReadOnlyList`1 dnsKeyRecords, IReadOnlyList`1 unsignedZones, DnssecValidateSignatureParameters parameters, Boolean isAuthoritySection, Boolean isAdditionalSection) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2897
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateSignatureAsync(DnsDatagram response, IReadOnlyList`1 dnsKeyRecords, IReadOnlyList`1 unsignedZones) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2737
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateResponseAsync(DnsDatagram response, IReadOnlyList`1 lastDSRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2566
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalDnssecResolveAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4692
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass91_0.<b__0>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4754
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.ResolveQueryAsync(DnsQuestionRecord question, Func`2 resolveAsync) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4103
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalCachedResolveQueryAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4736
   at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, NetworkAddress eDnsClientSubnet, Boolean advancedForwardingClientSubnet, IReadOnlyList`1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, Boolean skipDnsAppAuthoritativeRequestHandlers, TaskCompletionSource`1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 3193

MVlaar-GH commented 4 weeks ago

Never mind, I thought my time was in sync as the time difference was exactly 2 hours and I thought that was a timezone error. After rechecking it and allowing the NTP ports, things work fine. My bad.
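The root cause in this comment, a validator clock that is 2 hours off, is exactly what turns a perfectly good signature into the `SignatureExpired` result seen in the log above. As an added illustration, not code from Technitium DNS Server or from this issue, the Python below implements the RRSIG validity-window check from RFC 4034 (serial-number comparison per RFC 1982) and shows the same signature passing with a correct clock and failing with a clock 2 hours fast. The RRSIG record, its timestamps, the owner name (example.org), key tag and signature bytes are all constructed for the example and are not the real zone's data.

```python
"""Added example (not Technitium DNS Server code): how a DNSSEC validator decides
whether an RRSIG's validity window covers "now", and why a system clock that is
2 hours off yields SignatureExpired for a signature that a correctly-timed
validator (dnsviz, the Verisign debugger) accepts.

RFC 4034 section 3.1.5: inception and expiration are 32-bit unsigned seconds
since the epoch, and the comparison against the current time MUST use serial
number arithmetic (RFC 1982), so a validator cannot simply use integer '<'.
"""
from datetime import datetime, timezone
from enum import Enum

MOD32 = 2 ** 32
HALF32 = 2 ** 31


class SigStatus(Enum):
    VALID = "Valid"
    EXPIRED = "SignatureExpired"          # the status shown in the issue's log line
    NOT_YET_VALID = "SignatureNotYetValid"


def rrsig_time_to_int(text: str) -> int:
    """Parse an RRSIG time in presentation format (YYYYMMDDHHmmSS, UTC; RFC 4034 3.2)
    into the 32-bit unsigned value that is carried on the wire."""
    dt = datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) % MOD32


def serial_lt(a: int, b: int) -> bool:
    """RFC 1982 serial number comparison 'a < b' for 32-bit values.
    Handles the wrap-around that plain integer comparison gets wrong."""
    return (a < b and b - a < HALF32) or (a > b and a - b > HALF32)


def check_validity_window(inception: int, expiration: int, now: int) -> SigStatus:
    """RFC 4034 3.1.5: the RRSIG must not be used if 'now' is before inception
    or after expiration, both compared with serial arithmetic."""
    if serial_lt(now, inception):
        return SigStatus.NOT_YET_VALID
    if serial_lt(expiration, now):
        return SigStatus.EXPIRED
    return SigStatus.VALID


def parse_rrsig(presentation: str) -> dict:
    """Parse the presentation format of one RRSIG RR (RFC 4034 3.2). Note the field
    order: type covered, algorithm, labels, original TTL, EXPIRATION, INCEPTION,
    key tag, signer's name, base64 signature (possibly split over several tokens)."""
    parts = presentation.split()
    if len(parts) < 13 or parts[3] != "RRSIG":
        raise ValueError("not an RRSIG record in presentation format")
    owner, ttl, rclass, _, covered, alg, labels, orig_ttl, exp, inc, key_tag, signer = parts[:12]
    return {
        "owner": owner, "ttl": int(ttl), "class": rclass, "type_covered": covered,
        "algorithm": int(alg), "labels": int(labels), "original_ttl": int(orig_ttl),
        "expiration": rrsig_time_to_int(exp), "inception": rrsig_time_to_int(inc),
        "key_tag": int(key_tag), "signer": signer, "signature": "".join(parts[12:]),
    }


def evaluate(rrsig: dict, local_now_unix: int) -> SigStatus:
    """Status as seen by a validator whose clock reads local_now_unix."""
    return check_validity_window(rrsig["inception"], rrsig["expiration"], local_now_unix % MOD32)


def clock_skew_tolerance(rrsig: dict, true_now_unix: int) -> tuple:
    """(seconds the validator clock may run slow, seconds it may run fast) before
    this signature stops validating. Plain arithmetic is fine here because 2024
    timestamps are nowhere near the 32-bit wrap."""
    return (true_now_unix - rrsig["inception"], rrsig["expiration"] - true_now_unix)


# Constructed sample: an RRSIG over a SOA RRset whose 7-day window ends about half
# an hour after the log's timestamp (2024-05-28 10:29:09 UTC). Owner, timestamps,
# key tag and signature bytes are made up for the example, not real zone data.
SAMPLE_RRSIG = (
    "example.org. 3600 IN RRSIG SOA 13 2 3600 20240528110000 20240521100000 "
    "12345 example.org. c29tZS1jb25zdHJ1Y3RlZC1zaWduYXR1cmUtYnl0ZXM="
)
TRUE_NOW_UNIX = int(datetime(2024, 5, 28, 10, 29, 9, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    rr = parse_rrsig(SAMPLE_RRSIG)
    for label, skew in (("clock correct", 0), ("clock 2h fast", 7200), ("clock 2h slow", -7200)):
        print(f"{label:14s}: {evaluate(rr, TRUE_NOW_UNIX + skew).value}")
    slow, fast = clock_skew_tolerance(rr, TRUE_NOW_UNIX)
    print(f"tolerated skew: {slow}s slow, {fast}s fast")
```

A signature near the end of its validity window fails with a small clock error while a freshly re-signed one still passes, which is one way a clock problem shows up for only some names. When a resolver reports SignatureExpired for zones that dnsviz accepts, comparing the container's clock against an NTP source (and checking that NTP traffic is allowed through the firewall, as in this issue) is the first thing to verify before suspecting the zone.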

ShreyasZare commented 4 weeks ago

Good to know you got it working by fixing system time.