DNSSEC troubleshooting on a recursive server.
p.mayers at imperial.ac.uk
Thu Aug 8 16:34:03 UTC 2013
On 08/08/13 17:22, Grant Keller wrote:
> Its strange, I get the records when querying one of my other DNS servers:
As per my original email - firewall? middlebox? crazy ISP transparent
caching DNS server?
I would break out tcpdump; clear the cache on the affected server, re-do
the dig, then trawl through the tcpdump looking for the relevant queries
and replies. Prove to yourself whether the RRSIGs are arriving at the
"broken" DNS server. If so, go on from there. If not, harass your
network/security team or upstream ;o)
More information about the bind-users