can't validate existing negative responses (no DS)
Lawrence K. Chen, P.Eng.
lkchen at ksu.edu
Wed Apr 2 00:49:42 UTC 2014
Having problems with a particular insecure delegation (most are) from our
zone file, that is only not working for local users (our caching resolvers
running BIND 9.9.4-P2 or 9.9.5)
But, everybody else reports its working....its working from my other location
(FWIW, is the base bind for FreeBSD 9.2 - 9.8.4-P2?)
Can't think of an easy way to tell if its BIND or geography....
In dnssec.log, I'm seeing messages of:
validating @0x8063a2700: click.mail.nacada.ksu.edu A: can't validate existing
negative responses (no DS)
validating @0x8089d9800: click.mail.nacada.ksu.edu A: can't validate existing
negative responses (no DS)
validating @0x80abc9500: click.mail.nacada.ksu.edu A: can't validate existing
negative responses (no DS)
validating @0x8063a2700: click.mail.nacada.ksu.edu A: can't validate existing
negative responses (no DS)
validating @0x8089d9800: click.mail.nacada.ksu.edu A: can't validate existing
negative responses (no DS)
flushing the cache or restarting doesn't help.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
More information about the bind-users
mailing list