<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi,<br>
<br>
I am having a problem,<br>
<br>
I am signing a zone with opendnssec,<br>
<br>
After signing it seems fine and <br>
<br>
If issue a <br>
<br>
<b>dig @[dnssec-aware-recursive-server] [zone] +dnssec SOA</b><br>
<br>
from this [<b>dnssec-aware-recursive-server</b>]<br>
<br>
And the answer is returned with RRSIGS and ad bit<br>
<br>
But after some time if I issue again i get SERVFAIL and checking the
logs i get this<br>
<br>
25-Nov-2011 09:16:09.111 debug 3: validating @0xb93ccf28: zone SOA:
starting<br>
25-Nov-2011 09:16:09.111 debug 3: validating @0xb93ccf28: zone SOA:
attempting positive response validation<br>
25-Nov-2011 09:16:09.111 info: validating @0xb93ccf28: zone SOA: bad
cache hit (zone/DNSKEY)<br>
25-Nov-2011 09:16:09.111 debug 3: validator @0xb93ccf28:
dns_validator_destroy<br>
<br>
But after sometime again i get good results with no error<br>
<br>
I wonder if anyone has ever got the error<br>
<br>
I have checked dig +cd and i get answers perfectly so I suppose its
dnssec issue <br>
<br>
and i have checked if the RRSIG are expired and its not the case as
they are not even close to expiry.<br>
<br>
I will appreciate.<br>
<pre class="moz-signature" cols="72">--
[ Bryton | Systems Engineer | .tzNIC | <a class="moz-txt-link-abbreviated" href="http://www.tznic.or.tz">www.tznic.or.tz</a> ]</pre>
</body>
</html>