Question about resolver
Josh Kuo
josh.kuo at gmail.com
Thu Apr 25 12:55:08 UTC 2024
DS = Delegation Signer, it is the record type that a signed child upload to
the parent zone. It's difficult to say for sure without more information
such as which domain name you are trying to resolve, but looks like it is
probably due to a mis-matching DS record between the child and the parent
(security lameness).
You can use tools such as https://dnssec-analyzer.verisignlabs.com/online
to help you analyze further. If you need to refresh your knowledge on how
DNSSEC works, see the ISC DNSSEC Guide:
https://bind9.readthedocs.io/en/v9.18.14/dnssec-guide.html
-Josh
On Wed, Apr 24, 2024 at 7:31 PM J Doe <general at nativemethods.com> wrote:
> Hello,
>
> I run BIND 9.18.26 as a recursive, validating resolver. In my logs, I
> noticed the following:
>
> 22-Apr-2024 19:25:59.614 lame-servers: info: chase DS servers
> resolving '180.96.34.in-addr.arpa/DS/IN': 216.239.34.102#53
>
> What does "chase DS servers" mean ?
>
> Thanks,
>
> - J
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240425/48d1e4f5/attachment.htm>
More information about the bind-users
mailing list