recursive resolver, 9.9.7 works, not 9.10.x
Anders Löwinger
anders at abundo.se
Thu Apr 23 16:24:00 UTC 2015
Hi
I'm troubleshooting a strange problem. Customer uses bind 9.10.1 as a recursive resolver and they cannot resolve some domains.
Platform is windows server 2012, 64-bit
I've installed 9.9.7, 9.10.1 and 9.10.2 in my lab, only 9.9.7 can resolve umea.se, I used the exact same configuration in all three.
With 9.10.x i get "dnssec: info: validating umea.se/SOA: got insecure response; parent indicates it should be secure" in the log
These validates the umea.se domain as ok:
* http://dnscheck.iis.se/?time=1429805786&id=4683492&view=basic&test=standard
* http://dnssec-debugger.verisignlabs.com/umea.se#
* http://zonemaster.se/test/8675
This one flags some errors, there are two expired and one valid RRSIG for the SOA
* http://dnsviz.net/d/umea.se/dnssec/
Any tips on how to resolve this? (downgrade to 9.9.7 or is there any other solution?)
Thanks
Anders Löwinger, Abundo AB, +46 72 206 0322
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150423/18a01c37/attachment.html>
More information about the bind-users
mailing list