Also, just for testing. Similar happened to me. Try with ‘dnssec-validation no;’ ________________________________ From: bind-users <[email protected]> on behalf of julien soula <[email protected]> Sent: Sunday, November 22, 2020 9:31:56 AM To: upen <[email protected]> Cc: [email protected] <[email protected]>; BIND Users <[email protected]> Subject: Re: Servfail on Bind -9.16.1
On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote: > .../... > default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706 > (www.facebook.com<http://www.facebook.com>): query failed (broken trust > chain) for > www.facebook.com/IN/A<http://www.facebook.com/IN/A> at query.c:6883 > dnssec.log:21-Nov-2020 15:11:18.008 validating > www.facebook.com/CNAME:<http://www.facebook.com/CNAME:> bad > cache hit (com/DS) > lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving ' > www.facebook.com/A/IN':<http://www.facebook.com/A/IN':> 129.134.31.12#53 it seems to be an error in dnssec. So I suppose that "dig +nodnssec ...." works. May be "dig +trace facebook.com" will give you more hints. sincerly, -- Julien _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
