bind-users April 2010 archive
Main Archive Page > Month Archives  > bind-users archives
bind-users: Re: "dig dnskey int." different responses

Re: "dig dnskey int." different responses from recent BIND versions

From: Chris Thompson <cet1_at_nospam>
Date: Wed Apr 07 2010 - 16:11:04 GMT
To: Chris Thompson <>

On Apr 7 2010, I wrote:

>A peculiarity:
> dig dnskey int. @...
>to nameservers with validation via gives SERVFAIL if they are
>running BIND 9.6.2-P1 or 9.7.0-P1. but gives a normal "NODATA" from
>BIND 9.6.2. Any ideas?

The same thing happens for any zone without DNSKEY records replacing "int.".
"+cd" suppresses the SERVFAIL, so it's a validation failure (but shouldn't
be, of course).

I have reported the problem to bind-bugs and given them some level 3 trace
output, but I haven't worked out what is going wrong from it. :-(

-- Chris Thompson Email: _______________________________________________ bind-users mailing list