"can't validate existing negative responses (not a zone cut)" messages
cet1 at cam.ac.uk
Mon Dec 6 10:52:11 UTC 2010
On Oct 3 2010, I wrote:
>Since upgrading our main recursive nameservers to BIND 9.7.2-P2 (and
>using a trust anchor for the root and lookaside via dlv.isc.org) I am
>seeing a scatter of warning messages like this:
>Oct 1 19:47:19 dnssec: warning: validating @1c29d580:
> 18.104.22.168.IN-ADDR.ARPA PTR:
> can't validate existing negative responses (not a zone cut)
>What do they mean, exactly? And should I be worrying about them?
>They all seem to refer to PTR records (not all of them for IP
>addresses in 95.101/16, but many of them are).
There were some followups, but we never got anything from ISC.
After upgrading to BIND 9.7.2-P3, they appear to have gone away, so
I presume one of the changes (maybe 2970) has fixed them.
Email: cet1 at cam.ac.uk
More information about the bind-users