DNSSEC troubleshooting on a recursive server.

Phil Mayers p.mayers at imperial.ac.uk
Thu Aug 8 16:34:03 UTC 2013

On 08/08/13 17:22, Grant Keller wrote:

> It's strange, I get the records when querying one of my other DNS servers:

As per my original email - firewall? middlebox? crazy ISP transparent 
caching DNS server?

I would break out tcpdump; clear the cache on the affected server, re-do 
the dig, then trawl through the tcpdump looking for the relevant queries 
and replies. Prove to yourself whether the RRSIGs are arriving at the 
"broken" DNS server. If so, go on from there. If not, harass your 
network/security team or upstream ;o)
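
An added example, not part of the original message: once the capture exists, this Python sketch checks a raw DNS payload for RRSIG records, the TC flag and the EDNS DO bit, which is the "are the RRSIGs arriving" question above. It assumes the UDP payload bytes have already been extracted from the tcpdump capture; the `example.test` response below is constructed sample data and all function names are hypothetical.

```python
import struct
TYPE_RRSIG, TYPE_OPT = 46, 41

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def rrsig_report(msg):
    """Summarise one raw DNS message (UDP payload, no TCP length prefix)."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    covered, do_bit = [], False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_RRSIG:          # RDATA starts with the "type covered" field
            covered.append(struct.unpack_from("!H", msg, off)[0])
        elif rtype == TYPE_OPT:          # EDNS flags sit in the low 16 bits of the TTL
            do_bit = bool(ttl & 0x8000)
        off += rdlen
    return {"is_response": bool(flags & 0x8000), "truncated": bool(flags & 0x0200),
            "do": do_bit, "rrsig_covers": covered}

# Constructed sample data below (not a real capture): an A answer for example.test.
def wire_name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.rstrip(".").split(".")) + b"\x00"

def rr(owner, rtype, ttl, rdata, rclass=1):
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def sample_response(with_rrsig):
    question = wire_name("example.test.") + struct.pack("!HH", 1, 1)
    owner = b"\xc0\x0c"                  # pointer back to the question name
    rrs = [rr(owner, 1, 300, bytes([192, 0, 2, 1]))]
    if with_rrsig:                       # dummy signature bytes, never validated here
        fixed = struct.pack("!HBBIIIH", 1, 8, 2, 300, 0, 0, 12345)
        rrs.append(rr(owner, TYPE_RRSIG, 300, fixed + wire_name("example.test.") + b"\x00" * 8))
    opt = rr(b"\x00", TYPE_OPT, 0x8000, b"", rclass=4096)   # OPT record with DO set
    header = struct.pack("!6H", 0x1234, 0x8180, 1, len(rrs), 0, 1)
    return header + question + b"".join(rrs) + opt
```

A response with `do` true but an empty `rrsig_covers` on the upstream-facing side of the capture means the signatures were already missing before they reached the resolver.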
