error (broken trust chain) resolving

Alan Clegg aclegg at
Tue Nov 2 15:27:14 UTC 2010

On 11/2/2010 8:11 AM, Brian J. Murrell wrote:
> Since enabling DNSSEC on my resolving server I have been seeing various 
> instances of the following sort of messages:
> named error (broken trust chain) resolving '
> '':
> named error (broken trust chain) resolving '
> I haven't been able to find an explanation of what that "broken trust chain" 
> message means, exactly.
> Anyone care to explain?

There isn't a chain of signed DS records that lead from a trust anchor
to the thing that you are trying to resolve.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list