Hi,

When I configure my named to forward to our corporate DNS
servers (10.0.0.2 and 10.0.0.3), I end up getting error
messages such as

       Dec 17 20:58:06 dns-server named[843946]: fetch: www.canonical.com/A
       Dec 17 20:58:06 dns-server named[843946]: fetch: com/DS
       Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331e010 www.canonical.com (bucket 15)
       Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331b080 com (bucket 2)
       Dec 17 20:58:06 dns-server named[843946]: no valid RRSIG resolving 'com/DS/IN': 10.0.0.2#53
       Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331b080 com (bucket 2)
       Dec 17 20:58:06 dns-server named[843946]: no valid RRSIG resolving 'com/DS/IN': 10.0.0.3#53
       Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331b080 com (bucket 2)
       Dec 17 20:58:06 dns-server named[843946]: no valid DS resolving 'www.canonical.com/A/IN': 10.0.0.2#53
       Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331e010 www.canonical.com (bucket 15)
       Dec 17 20:58:06 dns-server named[843946]: validating www.canonical.com/A: bad cache hit (com/DS)
       Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331e010 www.canonical.com (bucket 15)
       Dec 17 20:58:06 dns-server named[843946]: broken trust chain resolving 'www.canonical.com/A/IN': 10.0.0.3#53

I don't quite understand why. Are 10.0.0.{2,3} incorrectly
set up for DNSSEC? It looks like DNSSEC is already breaking
for com. How can I trace what the root cause is?

Thanks!

Nick
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
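
A way to condense the validator messages in the log above, as an added example that is not part of the original post: it extracts each validation failure, then reports the failing RRset closest to the root and which forwarders it was seen through. The function names are hypothetical, and the regular expression assumes the message format shown in the post.

```python
import re

# Lines taken from the log in the post, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Dec 17 20:58:06 dns-server named[843946]: fetch: com/DS
Dec 17 20:58:06 dns-server named[843946]: delete_node(): 0x7fa7e331b080 com (bucket 2)
Dec 17 20:58:06 dns-server named[843946]: no valid RRSIG resolving 'com/DS/IN': 10.0.0.2#53
Dec 17 20:58:06 dns-server named[843946]: no valid RRSIG resolving 'com/DS/IN': 10.0.0.3#53
Dec 17 20:58:06 dns-server named[843946]: no valid DS resolving 'www.canonical.com/A/IN': 10.0.0.2#53
Dec 17 20:58:06 dns-server named[843946]: validating www.canonical.com/A: bad cache hit (com/DS)
Dec 17 20:58:06 dns-server named[843946]: broken trust chain resolving 'www.canonical.com/A/IN': 10.0.0.3#53
"""

# Matches the three "<reason> resolving '<name>/<type>/<class>': <server>#<port>" messages.
FAILURE = re.compile(
    r"named\[\d+\]: (?P<reason>no valid RRSIG|no valid DS|broken trust chain)"
    r" resolving '(?P<name>[^/']+)/(?P<rtype>[A-Z0-9]+)/[A-Z]+':"
    r" (?P<server>[0-9A-Fa-f.:]+)#\d+"
)

def parse_failures(log_text):
    """Return one dict per validation-failure line, in log order."""
    return [m.groupdict() for m in map(FAILURE.search, log_text.splitlines()) if m]

def label_count(name):
    """Number of DNS labels; the root '.' counts as zero."""
    return len([label for label in name.split(".") if label])

def topmost_failure(failures):
    """Return (name, type, reason, servers) for the failure nearest the root."""
    if not failures:
        return None
    # min() keeps the first entry on ties, so log order breaks ties.
    top = min(failures, key=lambda f: label_count(f["name"]))
    key = (top["name"], top["rtype"], top["reason"])
    servers = sorted({f["server"] for f in failures
                      if (f["name"], f["rtype"], f["reason"]) == key})
    return top["name"], top["rtype"], top["reason"], servers

if __name__ == "__main__":
    name, rtype, reason, servers = topmost_failure(parse_failures(SAMPLE_LOG))
    print(f"{reason} for {name}/{rtype} via {', '.join(servers)}")
```

The failures logged for names further down the tree, such as www.canonical.com/A here, come after the com/DS one, so the RRset nearest the root is the one to query each forwarder for first.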
