error (broken trust chain) resolving

Brian J. Murrell brian at
Mon Nov 22 13:28:01 UTC 2010

Casey Deccio <casey <at>> writes: 
> After a review of NSEC3 showed that this particular behavior is
> expected because org has been signed using NSEC3 with the opt-out bit
> set.

I'm afraid I'm getting a bit lost due to my real lack of understanding of the 
details of DNSSEC.  I wish I had the time to really sit down and understand the 
concepts in complete detail.  :-(

So does the RFC reference just explain why the AD bit (i.e. and not the bigger 
problem of the spew of log entries from named) is not set or does that explain 
the entire problem I am seeing (namely the continuous log spew from named)?


More information about the bind-users mailing list