error (broken trust chain) resolving

Brian J. Murrell brian at
Wed Nov 3 16:00:48 UTC 2010

Stephane Bortzmeyer <bortzmeyer <at>> writes:
> Indeed. Your analysis seems right. May be you have somewhere another
> trust anchor (for DLV <at> ISC or directly for

Hrm.  I'm not sure TBH.  I know I didn't install any trust anchor specifically 
for, but I do have "dnssec-lookaside auto;" configured in my 
bind options.

I don't know how to do the same verification of given that 

> Another possibility: is badly lame (none
> of the name servers reply), so it may trigger a bad error message from

Both and seem to be responsive.  The number of high-
profile domains involved seems to reduce the probability of this option.

More information about the bind-users mailing list