IPv6 only resolver doesn’t work
Alarig Le Lay
alarig at swordarmor.fr
Fri Aug 19 12:12:28 UTC 2016
Hi,
On my server, I don’t have a v4 resolver, juste an IPv6 one:
bulbizarre ~ # cat /etc/resolv.conf
# Generated by dhcpcd from eth0.dhcp, eth0.ra
# /etc/resolv.conf.head can replace this line
domain swordarmor.fr
nameserver 2001:470:1f13:138::1
# /etc/resolv.conf.tail can replace this line
I have some error messages about “no resolver defined”:
==> /var/log/nginx/error_log <==
2016/08/19 14:00:03 [warn] 29733#29733: no resolver defined to resolve
ocsp.startssl.com while requesting certificate status, responder:
ocsp.startssl.com
2016/08/19 14:00:03 [error] 29733#29733: OCSP_basic_verify() failed
(SSL: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
error:Verify error:unable to get local issuer certificate) while
requesting certificate status, responder: ocsp.startssl.com
But, my resolver is perfecly working:
bulbizarre ~ # dig -t A ocsp.startssl.com
; <<>> DiG 9.10.3-P4 <<>> -t A ocsp.startssl.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50744
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ocsp.startssl.com. IN A
;; ANSWER SECTION:
ocsp.startssl.com. 600 IN CNAME ocsp.startssl.com.akamaized.net.
ocsp.startssl.com.akamaized.net. 11236 IN CNAME a36.d.akamai.net.
a36.d.akamai.net. 20 IN A 2.18.245.56
a36.d.akamai.net. 20 IN A 2.18.245.43
;; Query time: 529 msec
;; SERVER: 2001:470:1f13:138::1#53(2001:470:1f13:138::1)
;; WHEN: Fri Aug 19 14:01:28 CEST 2016
;; MSG SIZE rcvd: 150
--
alarig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160819/6f3cf0b0/attachment.bin>
More information about the nginx
mailing list