error (broken trust chain) resolving
Brian J. Murrell
brian at interlinx.bc.ca
Tue Nov 2 17:21:20 UTC 2010
Alan Clegg <aclegg <at> isc.org> writes:
>
> On 11/2/2010 8:11 AM, Brian J. Murrell wrote:
> >
> > named error (broken trust chain) resolving '133.168.163.66.sa-
> > trusted.bondedsender.org/TXT/IN': 173.45.100.146#53
> There isn't a chain of signed DS records that lead from a trust anchor
> to the thing that you are trying to resolve.
So basically it just means that one or more zones from . down to the thing I'm
trying to resolve has not been DNSSECized? i.e. no zone keys, signing, etc.?
Wouldn't that be the case for the majority of "things" I (or anyone else) would
be trying to resolve, in these early days of DNSSEC?
It just seems like I'd see way more records (i.e. pretty much everything we try
to resolve here) of the sort that I posted if that were the case. Maybe the
variation in things we try to resolve here is not as much as I'd have thought.
Am I misunderstanding?
b.
More information about the bind-users
mailing list