DNSVIZ errors
akritrim® Intelligence™
inlists at akritrim.net
Sun Apr 20 03:58:34 UTC 2025
Hi
I am getting the following error if i test the domain on dnsviz.net.
For example for domain example.org i get :
caikb.6tqs4.example.org/A has errors; select the "Denial of existence"
DNSSEC option to see them.
On checking the denial of existence settings i get:
RRset status
Bogus (1)
caikb.6tqs4.example.org/A (NXDOMAIN)
Errors (2)
NSEC3 proving non-existence of caikb.6tqs4.example.org/A: No NSEC3 RR
corresponds to the closest encloser of the SNAME
(caikb.6tqs4.example.org). See RFC 5155, Sec. 8.4.
NSEC3 proving non-existence of caikb.6tqs4.example.org/A: No NSEC3 RR
corresponds to the closest encloser of the SNAME
(caikb.6tqs4.example.org). See RFC 5155, Sec. 8.4.
I do not get any errors on an existing subdomain like mail.example.org
or even a non existent subdomain like htcghugfg.example.org
also not all domains managed by the server get this error, only some of
them.
i have these parameters defined in dnssec policy:
nsec3param iterations 0 optout no salt-length 0;
any ideas will be welcome.
--
akritrim® Intelligence™
More information about the bind-users
mailing list