Open electrofloat opened 4 years ago
It also doesn't work with *.myqnapcloud.com
@electrofloat Does it work if you use dig +cdflag coder.show? I tried unbound and I have the same issue there. However, I can resolve if I disable checking.
Thanks for flagging this issue. There is no workaround for this in Stubby itself - it is a result of how the upstream resolver behaves when it encounters an incorrectly configured zone and it seems to me that now both 1.1.1.1 and 8.8.8.8 are returning NOERROR/No Answer to e.g. dig @8.8.8.8 coder.show DS +dnssec (which many would argue is the correct thing for a resolver to do). Using DNSSEC validation means living with failures from incorrectly validating zones...
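The comparison discussed in the comments above (the same query with and without +cdflag), as an added shell example that is not from Stubby or from any commenter: it reads the status field from dig output and separates a DNSSEC validation failure from an ordinary resolution failure. The header lines are constructed samples, and 127.0.0.1 as the default resolver address in `check_name` is an assumption.

```shell
#!/bin/sh
# Added example: tell a DNSSEC validation failure apart from a plain
# resolution failure by comparing a normal query with a +cdflag query.

# Print the rcode from the "status:" field of dig output read on stdin.
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify <status of validated query> <status of +cdflag query>
classify() {
    case "$1/$2" in
        NOERROR/*)         echo "ok" ;;
        # Fails only while the resolver is validating: the zone's DNSSEC
        # data is what the resolver rejects.
        SERVFAIL/NOERROR)  echo "dnssec-validation-failure" ;;
        # Fails even with checking disabled: not a validation problem.
        SERVFAIL/SERVFAIL) echo "resolution-failure" ;;
        NXDOMAIN/*)        echo "nxdomain" ;;
        *)                 echo "unknown" ;;
    esac
}

# Live check (needs dig and network access). The resolver address is an
# assumption; pass the address your local stub resolver listens on.
check_name() {
    resolver=${2:-127.0.0.1}
    s1=$(dig "@$resolver" "$1" A +dnssec | dig_status)
    s2=$(dig "@$resolver" "$1" A +dnssec +cdflag | dig_status)
    classify "$s1" "$s2"
}

# Constructed dig header lines, so the example runs offline.
SAMPLE_VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222'

demo() {
    s1=$(printf '%s\n' "$SAMPLE_VALIDATED" | dig_status)
    s2=$(printf '%s\n' "$SAMPLE_CD" | dig_status)
    classify "$s1" "$s2"
}

demo
```

A `dnssec-validation-failure` result points at the zone's signing or delegation data rather than at the local resolver, which matches the situation described in this issue.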
Hi!
So here is this issue: https://pastebin.com/P165c4kQ
Stubby's relevant configs:
Versions:
OS:
It returns SERVFAIL; 1.1.1.1 and 8.8.8.8 are returning different results. Probably this is an issue like this one: https://community.cloudflare.com/t/1-1-1-1-dnssec-servfail-on-some-domains/66416 https://gitlab.labs.nic.cz/knot/knot-resolver/issues/359
But can this be avoided without the pain of letting the DNS provider know they are doing it wrong and waiting for them to fix it?