Lightning Wire Labs - DNS Manager Server - ssl handshake failed

Hi,

I am using Lightning Wire Labs - DNS Manager Server [81.3.27.54] as my DNS server for IPFire.
Unbound is setup to use TLS.

Apparently something is wrong: all DNS resolution fails:

May 13 10:01:26 silver-x86-64 unbound: [13859:1] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
May 13 10:01:26 silver-x86-64 unbound: [13859:1] notice: ssl handshake failed 81.3.27.54 port 853
May 13 10:16:45 silver-x86-64 unbound: [13859:0] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
May 13 10:16:45 silver-x86-64 unbound: [13859:0] notice: ssl handshake failed 81.3.27.54 port 853
May 13 10:32:01 silver-x86-64 unbound: [13859:0] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
May 13 10:32:01 silver-x86-64 unbound: [13859:0] notice: ssl handshake failed 81.3.27.54 port 853
May 13 10:47:06 silver-x86-64 unbound: [13859:0] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
May 13 10:47:06 silver-x86-64 unbound: [13859:0] notice: ssl handshake failed 81.3.27.54 port 853

Is there a problem at unbound (local IPFire) or at Lightning Wire Labs - DNS Manager Server ?

20200513_recursor01.dns.lightningwirelabs.com_DNS_TLS_error915×36 1.36 KB

Thanks,
H&M

I’m also seeing errors on their server:

|11:45:02|unbound: [10813:0]|error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_serv er_certificate:certificate verify failed|
|11:45:02|unbound: [10813:0]|notice: ssl handshake failed 81.3.27.54 port 853|

Oops. Thank you for letting me know.

The certificate in dnsdist could not automatically be reloaded because of a permission issue. I have fixed this and the server is available over TLS again.