DNSSEC unable to resolve some addresses, disable TLS/SSL working ok

This happens at random times, for random domains.
this is configured on pfsense and most things work, every now and then a domain fails, after hours of working through it, i found if you disable SSL/TLS for outgoing requests this works.
This is the resolver log below.

Its also happening for essentials.myob.com.au but myob.com.au resolves fine.
I tried purge cache on the above and no change, its been about 15mins and its now resolving using TLS/SSL. Its very random and could be any domain. Any help appreciated thanks.

Apr 1 09:56:24 unbound 72187:1 info: Could not establish a chain of trust to keys for rba.gov.au. DNSKEY IN
Apr 1 09:56:24 unbound 72187:1 info: validator operate: query www.rba.gov.au. A IN
Apr 1 09:56:24 unbound 72187:1 debug: validator[module 0] operate: extstate:module_wait_subquery event:module_event_pass
Apr 1 09:56:24 unbound 72187:1 info: DS response was error, thus bogus
Apr 1 09:56:24 unbound 72187:1 info: validator operate: query rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:1 debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
Apr 1 09:56:24 unbound 72187:1 debug: return error response SERVFAIL
Apr 1 09:56:24 unbound 72187:1 debug: configured stub or forward servers failed – returning SERVFAIL
Apr 1 09:56:24 unbound 72187:1 info: processQueryTargets: rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:1 info: query response was THROWAWAY
Apr 1 09:56:24 unbound 72187:1 info: reply from <.> 1.1.1.1#853
Apr 1 09:56:24 unbound 72187:1 info: response for rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:1 info: iterator operate: query rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:1 debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Apr 1 09:56:24 unbound 72187:3 debug: cache memory msg=67671 rrset=72498 infra=8306 val=70260
Apr 1 09:56:24 unbound 72187:3 info: Could not establish a chain of trust to keys for rba.gov.au. DNSKEY IN
Apr 1 09:56:24 unbound 72187:3 info: validator operate: query www.rba.gov.au. A IN
Apr 1 09:56:24 unbound 72187:3 debug: validator[module 0] operate: extstate:module_wait_subquery event:module_event_pass
Apr 1 09:56:24 unbound 72187:3 info: DS response was error, thus bogus
Apr 1 09:56:24 unbound 72187:3 info: validator operate: query rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:3 debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
Apr 1 09:56:24 unbound 72187:3 debug: return error response SERVFAIL
Apr 1 09:56:24 unbound 72187:3 debug: configured stub or forward servers failed – returning SERVFAIL
Apr 1 09:56:24 unbound 72187:3 info: processQueryTargets: rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:3 info: query response was THROWAWAY
Apr 1 09:56:24 unbound 72187:3 info: reply from <.> 1.0.0.1#853
Apr 1 09:56:24 unbound 72187:3 info: response for rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:3 info: iterator operate: query rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:3 debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
Apr 1 09:56:24 unbound 72187:1 debug: cache memory msg=67671 rrset=72498 infra=8306 val=70128
Apr 1 09:56:24 unbound 72187:1 debug: sending to target: <.> 1.1.1.1#853
Apr 1 09:56:24 unbound 72187:1 info: sending query: rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:1 info: processQueryTargets: rba.gov.au. DS IN
Apr 1 09:56:24 unbound 72187:1 info: query response was THROWAWAY

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.