error (broken trust chain) resolving
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Nov 3 12:39:34 UTC 2010
On Wed, Nov 03, 2010 at 11:44:18AM +0000,
Brian J. Murrell <brian at interlinx.bc.ca> wrote
a message of 46 lines which said:
> named error (broken trust chain) resolving '133.168.163.66.sa-
> trusted.bondedsender.org/TXT/IN': 173.45.100.146#53
>
> Where/why does it break? Who's is breaking it? I can see that
> org. is rife with DNSSEC data but that bondedsender.org. is
> completely void of it. But surely that would be the case of a plain
> insecure delegation, yes?
Indeed. Your analysis seems right. May be you have somewhere another
trust anchor (for DLV at ISC or directly for bondedsender.org?)
Another possibility: sa-trusted.bondedsender.org is badly lame (none
of the name servers reply), so it may trigger a bad error message from
BIND.
More information about the bind-users
mailing list