broken trust chain
Mark Andrews
marka at isc.org
Mon Sep 28 21:34:16 UTC 2020
This is nothing more than packet loss causing named to fallback to plain DNS. Start named after the network is up or upgrade to a 9.14 or later which doesn’t fall back to plain DNS in packet loss.
--
Mark Andrews
> On 29 Sep 2020, at 00:36, Jeremy C. Reed <reed at reedmedia.net> wrote:
>
> Let's get more logging. Enable more debugging in named.
> What made named think that name should be DNSSEC signed in the first
> place?
>
> Do you only have the problem resolving the single name and it doesn't
> happen every time?
> Does the problem ever happen without using your forwarders?
>
> Also do the query with delv -d99 and record that verbose output.
> _______________________________________________
> bind-workers mailing list
> bind-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-workers
More information about the bind-workers
mailing list