mirage / ocaml-dns

OCaml implementation of the DNS protocol
BSD 2-Clause "Simplified" License

Handling of DNSSEC is partial and the `dns-resolver` fails to respond #324

Open dinosaure opened 2 years ago

dinosaure commented 2 years ago

I updated my unikernel dns-resolver with dns.6.3.0 and I cannot reach any domains. In my log, I have this:

```
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] resolving connectivity-check.ubuntu.com AAAA?
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] handle query connectivity-check.ubuntu.com (AAAA)
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] query for connectivity-check.ubuntu.com (AAAA): connectivity-check.ubuntu.com
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] resolve returned zone com query connectivity-check.ubuntu.com (AAAA), ip 192.31.80.30
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] query 1 connectivity-check.ubuntu.com AAAA?
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] reacting to packet from 10.0.0.1:64196
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] resolving 10.0.0.1:64196
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] resolving connectivity-check.ubuntu.com A?
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] handle query connectivity-check.ubuntu.com (A)
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] query for connectivity-check.ubuntu.com (A): connectivity-check.ubuntu.com
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] resolve returned zone com query connectivity-check.ubuntu.com (A), ip 2001:503:d2d::30
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] query 1 connectivity-check.ubuntu.com A?
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] reacting to packet from 192.31.80.30:53
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] handling reply to connectivity-check.ubuntu.com AAAA?
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: WRN [dnssec] couldn't find RRSIG for ubuntu.com  172800  NS  ns3.canonical.com.
console 2022-10-25T08:27:06-00:00:  172800  NS  ns2.canonical.com.
console 2022-10-25T08:27:06-00:00:  172800  NS  ns1.canonical.com.
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: WRN [dnssec] RRSIG verification for ubuntu.com   172800  NS  ns3.canonical.com.
console 2022-10-25T08:27:06-00:00:  172800  NS  ns2.canonical.com.
console 2022-10-25T08:27:06-00:00:  172800  NS  ns1.canonical.com. failed: no key-rrsig pair found
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] handle query connectivity-check.ubuntu.com (AAAA)
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] query for connectivity-check.ubuntu.com (AAAA): connectivity-check.ubuntu.com
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] resolve returned zone com query connectivity-check.ubuntu.com (AAAA), ip 2001:500:856e::30
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: INF [application] handled reply 192.31.80.30:53
console 2022-10-25T08:27:06-00:00: 2022-10-25 08:27:06 -00:00: APP [dns_resolver_mirage] unlisten on UDP 53
```

It's an example about connectivity-check.ubuntu.com.