We are using Bind 9.7 at the border to resolve DNS queries for a small
LAN. After moving forward in using IPv6 we discovered many "broken
trust chain" errors in the bind log for non existing AAAA records. One
example is
Nov 18 01:18:21 firewall named[27580]: error (broken trust chain)
resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53
Nov 18 01:18:21 firewall named[27580]: error (broken trust chain)
resolving 'smtp.g.comcast.net/AAAA/IN': 68.87.66.201#53
Nov 18 01:18:29 firewall named[27580]: error (broken trust chain)
resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53
Nov 18 01:18:29 firewall named[27580]: error (broken trust chain)
resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53
From what i can see there is no DNSSEC for comcast.net so this should
not happen and the A record just resolve fine. Any comment if this
should worry me?
Regards
Andreas
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users