"broken trust chain" for non-existing AAAA records

Thu, 18 Nov 2010 04:16:37 -0800

We are using Bind 9.7 at the border to resolve DNS queries for a small LAN. After moving forward in using IPv6 we discovered many "broken trust chain" errors in the bind log for non existing AAAA records. One example is
Nov 18 01:18:21 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53 Nov 18 01:18:21 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 68.87.66.201#53 Nov 18 01:18:29 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53 Nov 18 01:18:29 firewall named[27580]: error (broken trust chain) resolving 'smtp.g.comcast.net/AAAA/IN': 76.96.53.47#53 


From what i can see there is no DNSSEC for comcast.net so this should  
not happen and the A record just resolve fine. Any comment if this  
should worry me?


Regards

Andreas


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to