recursive resolver, 9.9.7 works, not 9.10.x

Anders Löwinger anders at
Thu Apr 23 16:24:00 UTC 2015


I'm troubleshooting a strange problem. Customer uses bind 9.10.1 as a recursive resolver and they cannot resolve some domains.

Platform is windows server 2012, 64-bit

I've installed 9.9.7, 9.10.1 and 9.10.2 in my lab, only 9.9.7 can resolve, I used the exact same configuration in all three.

With 9.10.x i get "dnssec: info: validating got insecure response; parent indicates it should be secure" in the log

These validates the domain as ok:


This one flags some errors, there are two expired and one valid RRSIG for the SOA


Any tips on how to resolve this? (downgrade to 9.9.7 or is there any other solution?)

Anders Löwinger, Abundo AB, +46 72 206 0322

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list