On Jun 12 20009, I wrote: [...]
The debug level 2 messages, which correspond to SERVFAILs, are all associated with "8.84.in-addr.arpa", and it does seem that something is wrong with the (signed) delegation of that from "84.in-addr.arpa". I can reproduce the SERVFAIL effect on other validating nameservers.
Just to expand on that a bit: the DS record in the parent zone correctly describes the KSK in the child zone, and the RRSIGs in 8.84.in-addr.arpa appear to be correct ... except that they all expired over 15 months ago! -- Chris Thompson Email: c...@cam.ac.uk _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
