dnssec bad cache hit error for bind9.16.13
Sakuma, Koshiro
bravo.echo.one at gmail.com
Fri Apr 2 05:24:47 UTC 2021
Hello Team;
I've just finished setup for bind9.16.13 from scratch (source). But I got
error when I checked with bind function with "dig" command. The error I
got was as below.
1. dig result;
; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8_3.1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: *SERVFAIL,* id: 17070
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
2. named.log
There are many bad cache hit logs.
dnssec: view internal: validating nikkei225jp.com/SOA: bad cache hit
(com/DS)
I tried to dig out for this issue, I found one thing that disable
dnssec-validation option.
After changing, the issue had been fixed. However, I'm wondering if I can
disable this option for security reason. Or there is another solution??
Thank you for your support!
Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210402/d93fd579/attachment.htm>
More information about the bind-users
mailing list