"broken trust chain" for non-existing AAAA records
lst_hoe02 at kwsoft.de
Thu Nov 18 12:14:00 UTC 2010
We are using BIND 9.7 at the border to resolve DNS queries for a small
LAN. After moving forward in using IPv6 we discovered many "broken
trust chain" errors in the bind log for non-existing AAAA records. One
example is:
Nov 18 01:18:21 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53
Nov 18 01:18:21 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 68.87.66.201#53
Nov 18 01:18:29 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53
Nov 18 01:18:29 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53
From what I can see there is no DNSSEC for comcast.net, so this should
not happen, and the A record just resolves fine. Any comment if this
should worry me?
Regards
Andreas
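
A way to triage entries like these, as an added example that is not part of the original post: the Python below groups "broken trust chain" resolver errors from named's syslog output by query name and type and lists the upstream servers involved. The function names are hypothetical, and the last sample line is constructed for illustration.

```python
import re

# named's syslog line for a resolver error, in the shape quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+named\[\d+\]:\s+"
    r"error \((?P<reason>[^)]+)\)\s+resolving\s+"
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)':\s+"
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)\s*$"
)

# First four entries are the ones quoted in the post; the last is constructed.
SAMPLE = [
    "Nov 18 01:18:21 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53",
    "Nov 18 01:18:21 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 68.87.66.201#53",
    "Nov 18 01:18:29 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53",
    "Nov 18 01:18:29 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53",
    "Nov 18 01:19:02 firewall named[27580]: error (connection refused) resolving 'example.net/A/IN': 192.0.2.1#53",
]

def parse_line(line):
    """Return the fields of one resolver-error line, or None for anything else."""
    # Collapsing whitespace also rejoins entries that a mail client wrapped.
    m = LINE_RE.match(" ".join(line.split()))
    return m.groupdict() if m else None

def summarize(lines, reason="broken trust chain"):
    """Group errors with the given reason by (qname, qtype)."""
    out = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["reason"] != reason:
            continue
        key = (rec["qname"].lower(), rec["qtype"].upper())
        entry = out.setdefault(
            key, {"count": 0, "servers": set(), "first": rec["ts"], "last": rec["ts"]}
        )
        entry["count"] += 1
        entry["servers"].add(rec["server"])
        entry["last"] = rec["ts"]  # input is assumed to be in log order
    return out

if __name__ == "__main__":
    for (qname, qtype), e in sorted(summarize(SAMPLE).items()):
        servers = ", ".join(sorted(e["servers"]))
        print(f"{qname}/{qtype}: {e['count']} errors, {e['first']} to {e['last']}, via {servers}")
```

The per-name, per-type grouping makes it visible when the error is confined to one record type for a zone, which is the pattern the post describes.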
More information about the bind-users mailing list