Re: "dig dnskey int." different responses from recent BIND versions

From: Chris Thompson <cet1_at_nospam>
Date: Wed Apr 07 2010 - 16:11:04 GMT
To: Chris Thompson <cet1@cam.ac.uk>

On Apr 7 2010, I wrote:

>A peculiarity:
>
> dig dnskey int. @...
>
>to nameservers with validation via dlv.isc.org gives SERVFAIL if they are
>running BIND 9.6.2-P1 or 9.7.0-P1. but gives a normal "NODATA" from
>BIND 9.6.2. Any ideas?

The same thing happens for any zone without DNSKEY records replacing "int.".
"+cd" suppresses the SERVFAIL, so it's a validation failure (but shouldn't
be, of course).

I have reported the problem to bind-bugs and given them some level 3 trace
output, but I haven't worked out what is going wrong from it. :-(

-- Chris Thompson Email: cet1@cam.ac.uk _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

This message: [ Message body ]
Next message: Chris Thompson: "Re: Problem with 9.6.2-p1"
Previous message: Chris Thompson: ""dig dnskey int." different responses from recent BIND versions"
In reply to: Chris Thompson: ""dig dnskey int." different responses from recent BIND versions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]