[ipxe-devel] Wierd DNS issue
Michael Brown
mbrown at fensystems.co.uk
Wed Jul 3 11:01:57 UTC 2013
On 02/07/13 23:49, Robin Smidsrød wrote:
>>> * Check that the hostname portion of the URL you are using is actually a
>>> hostname and not an IP address if using HTTPS.
>>
>> I suppose this is what breaks your setup.
>
> I added that to the wiki earlier today after getting this same message
> posted on the forum. I've added an explanation on the forum as well.
That makes no sense to me as an explanation; the error is definitely due
to a non-existent DNS record. Using the IP address in the https:// URL
will produce
http://ipxe.org/err/020de2
(unless the server's certificate is indeed issued to an IP address
rather than to a name).
Niket: I suspect that the root cause of the problem is one of the
secondary downloads that iPXE performs in order to validate the
certificate. For example, if your server certificate specifies an OCSP
URI but the DNS name in that OCSP URI is incorrect, then you will end up
with the DNS error that you are seeing.
The fastest way to track down the problem is probably to build with
DEBUG=tls,x509,validator
Michael
More information about the ipxe-devel
mailing list