Resolving .gov w/dnssec
Torsten
toto at the-damian.de
Thu Apr 22 14:39:02 UTC 2010
Am Thu, 22 Apr 2010 10:03:43 -0400 (EDT)
schrieb Paul Wouters <paul at xelerance.com>:
> On Thu, 22 Apr 2010, Timothe Litt wrote:
>
> > I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and
> > 9.6-ESV configured as valdidating resolvers.
> >
> > Using dig, I get a connection timeout error after a long (~10 sec)
> > delay. +cdflag provides an immediate response.
>
> > Is anyone else seeing this? Ideas on how to troubleshoot?
>
> I have the same problems with our validating unbound instance. The
> logs show:
>
Maybe something went wrong in the key-rollover process. Queries
for DS, DNSKEY and NSEC get a reply with the ad flag set. All other
records fail.
Ciao
Toto
More information about the bind-users
mailing list