expired KSK, other domains failed to resolve?
Casey Deccio
casey at deccio.net
Thu Aug 6 14:01:12 UTC 2015
On Thu, Aug 6, 2015 at 4:16 AM, Lawrence K. Chen, P.Eng. <lkchen at ksu.edu>
wrote:
> So, in running some tests....I found that "dig +trace kstatesports.com"
> would get to ns-1.ksu.edu show couple NSEC3 records and stop.
>
$ dig +short kstatesports.com ns
ns-2.ksu.edu.
ns-3.ksu.edu.
ns-1.ksu.edu.
Because the kstatesports.com name servers are in the edu zone, they are
considered "out of bailiwick". A resolver must resolve those names in
order to learn the addresses of the servers it must communicate with for
kstatesports.com queries. Thus, kstatesports.com depends on ns-{1,2,3}.
ksu.edu resolving (and validating) properly.
Cheers,
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150806/dbac0bea/attachment.html>
More information about the bind-users
mailing list