On Sun, Apr 5, 2009 at 8:48 PM, Mark Andrews <mark_andr...@isc.org> wrote: > Named is still able to return answers if you tell it not to > validate the answers by setting CD=1 in the query. This flag > is usually used when you have a validating resolver using another > validating resolver to get its answers. > > When the lookups were failing answers like this were returned.
The one thing I didn't do was a direct dig itself. I was tailing dnssec.log and watching the DLV lookups failing, and my web browser was failing to load any site, reporting the hostname couldn't be resolved. Above, you mention setting CD=1 in the query. How is this done by applications trying to resolve hostnames when there's a problem like last nights? Would setting the named.conf directive dnssec-validation no; do this? (as I mentioned previously, I had to comment out dnssec-validation and the trust anchor directive that points to ISC so I could resolve queries) -- aRDy Music and Rick Dicaire present: http://www.ardynet.com http://www.ardynet.com:9000/ardymusic.ogg.m3u _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users