DNSSEC validation broken trust July 22-23rd time.nist.gov
J Doe
general at nativemethods.com
Wed Jul 23 22:17:51 UTC 2025
Hi,
I have a small mail server that is using: BIND 9.20.11 and performs
recursion and DNSSEC validation.
From yesterday (July 22nd), to today (July 23rd), I noticed the
following in the server logs
22-Jul-2025 23:59:50.347 lame-servers: info: no valid RRSIG resolving
'glb.nist.gov/DNSKEY/IN': 132.163.4.64#53
22-Jul-2025 23:59:50.347 lame-servers: info: broken trust chain
resolving 'ntp1.glb.nist.gov/A/IN': 129.6.13.8#53
22-Jul-2025 23:59:50.347 query-errors: info: client @0xe3af1ee9020
127.0.0.1#13211 (time.nist.gov): query failed (broken trust chain) for
time.nist.gov/IN/A at query.c:7849
The host in question (time.nist.gov), is used by this server for NTP.
The problem appears to have resolved itself today (July 23rd), at around
10:00 AM EDT and happily NTP is able to complete with this particular host.
Did anyone else notice something similar ?
Thanks,
- J
More information about the bind-users
mailing list