"can't validate existing negative responses (not a zone cut)" messages
Tony Finch
dot at dotat.at
Fri Oct 22 14:16:07 UTC 2010
On Sun, 3 Oct 2010, Chris Thompson wrote:
>
> Oct 3 16:53:10 dnssec: warning: validating @14c9cd70:
> 98.206.101.95.IN-ADDR.ARPA PTR:
> can't validate existing negative responses (not a zone cut)
>
> What do they mean, exactly? And should I be worrying about them?
> They all seem to refer to PTR records (not all of them for IP
> addresses in 95.101/16, but many of them are).
BIND is trying to prove that there is a valid secure -> insecure
transition. It has found a cached NXDOMAIN response that has not been
validated. The comment above the logger call says:
/*
* This shouldn't happen, since the negative
* response should have been validated. Since
* there's no way of validating existing
* negative response blobs, give up.
*/
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.
More information about the bind-users
mailing list