"dig dnskey int." different responses from recent BIND versions
Chris Thompson
cet1 at cam.ac.uk
Wed Apr 7 16:11:04 UTC 2010
On Apr 7 2010, I wrote:
>A peculiarity:
>
> dig dnskey int. @...
>
>to nameservers with validation via dlv.isc.org gives SERVFAIL if they are
>running BIND 9.6.2-P1 or 9.7.0-P1. but gives a normal "NODATA" from
>BIND 9.6.2. Any ideas?
The same thing happens for any zone without DNSKEY records replacing "int.".
"+cd" suppresses the SERVFAIL, so it's a validation failure (but shouldn't
be, of course).
I have reported the problem to bind-bugs and given them some level 3 trace
output, but I haven't worked out what is going wrong from it. :-(
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list