"can't validate existing negative responses (not a zone cut)" messages
Chris Thompson
cet1 at cam.ac.uk
Sun Oct 3 17:47:44 UTC 2010
Since upgrading our main recursive nameservers to BIND 9.7.2-P2 (and
using a trust anchor for the root and lookaside via dlv.isc.org) I am
seeing a scatter of warning messages like this:
Oct 1 19:47:19 dnssec: warning: validating @1c29d580:
115.197.101.95.IN-ADDR.ARPA PTR:
can't validate existing negative responses (not a zone cut)
Oct 1 19:47:19 dnssec: warning: validating @8d34550:
115.197.101.95.IN-ADDR.ARPA PTR:
can't validate existing negative responses (not a zone cut)
Oct 2 11:25:28 dnssec: warning: validating @11d37f18:
32.197.101.95.IN-ADDR.ARPA PTR:
can't validate existing negative responses (not a zone cut)
Oct 3 01:39:21 dnssec: warning: validating @160f4260:
205.205.101.95.IN-ADDR.ARPA PTR:
can't validate existing negative responses (not a zone cut)
Oct 3 08:40:14 dnssec: warning: validating @12cd35c0:
20.204.101.95.IN-ADDR.ARPA PTR:
can't validate existing negative responses (not a zone cut)
Oct 3 16:53:10 dnssec: warning: validating @14c9cd70:
98.206.101.95.IN-ADDR.ARPA PTR:
can't validate existing negative responses (not a zone cut)
What do they mean, exactly? And should I be worrying about them?
They all seem to refer to PTR records (not all of them for IP
addresses in 95.101/16, but many of them are).
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list