error (broken trust chain) resolving

Casey Deccio casey at deccio.net
Mon Nov 22 21:02:46 UTC 2010


On Mon, Nov 22, 2010 at 5:28 AM, Brian J. Murrell <brian at interlinx.bc.ca> wrote:
> Casey Deccio <casey <at> deccio.net> writes:
>>
>> After a review of NSEC3 showed that this particular behavior is
>> expected because org has been signed using NSEC3 with the opt-out bit
>> set.
>
> I'm afraid I'm getting a bit lost due to my real lack of understanding of the
> details of DNSSEC.  I wish I had the time to really sit down and understand the
> concepts in complete detail.  :-(
>
> So does the RFC reference just explain why the AD bit (i.e. and not the bigger
> problem of the spew of log entries from named) is not set

Yes, I was clarifying that my particular observation with respect to
the AD bit was not a useful insight into troubleshooting the other
issues.

> or does that explain
> the entire problem I am seeing (namely the continuous log spew from named)?
>

I still don't have the answer to this.  Perhaps a BIND developer may
have better insight into the log messages and what may be going on.

Casey



More information about the bind-users mailing list