I've got bind 9.8.1-P1 setup as a DNSSEC validating name server. af.mil uses DNSSEC and various web based external validation tools seem happy with their setup. I've turned up my logging for DNSSEC validation and in bind for af.mil/DNSKEY only always fails validation. It seems perfectly happy with other records in the domain. When validation fails the error below is being logged: Dec 11 15:29:12 ahostname named[25509]: error (insecurity proof failed) resolving 'af.mil/DNSKEY/IN': 199.252.162.234#53
Would anyone know why this is happening? Regards, Rob -- ---------------------"Happiness is understanding."---------------------- Robert Hardy C.E.O. Webcon Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users