error (broken trust chain) resolving
Brian J. Murrell
brian at interlinx.bc.ca
Wed Nov 3 16:00:48 UTC 2010
Stephane Bortzmeyer <bortzmeyer <at> nic.fr> writes:
>
> Indeed. Your analysis seems right. May be you have somewhere another
> trust anchor (for DLV <at> ISC or directly for bondedsender.org?)
Hrm. I'm not sure TBH. I know I didn't install any trust anchor specifically
for bondedsender.org, but I do have "dnssec-lookaside auto;" configured in my
bind options.
I don't know how to do the same verification of bondedsender.org given that
however.
> Another possibility: sa-trusted.bondedsender.org is badly lame (none
> of the name servers reply), so it may trigger a bad error message from
> BIND.
Both s0.rpdns.net. and s1.rpdns.net. seem to be responsive. The number of high-
profile domains involved seems to reduce the probability of this option.
More information about the bind-users
mailing list