On 04/01/14 19:49, Lawrence K. Chen, P.Eng. wrote: > Having problems with a particular insecure delegation (most are) from our zone > file, that is only not working for local users (our caching resolvers running > BIND 9.9.4-P2 or 9.9.5) > > But, everybody else reports its working....its working from my other location > (FWIW, is the base bind for FreeBSD 9.2 - 9.8.4-P2?) > > Can't think of an easy way to tell if its BIND or geography.... > > In dnssec.log, I'm seeing messages of: > > validating @0x8063a2700: click.mail.nacada.ksu.edu A: can't validate existing > negative responses (no DS) > validating @0x8089d9800: click.mail.nacada.ksu.edu A: can't validate existing > negative responses (no DS) > validating @0x80abc9500: click.mail.nacada.ksu.edu A: can't validate existing > negative responses (no DS) > validating @0x8063a2700: click.mail.nacada.ksu.edu A: can't validate existing > negative responses (no DS) > validating @0x8089d9800: click.mail.nacada.ksu.edu A: can't validate existing > negative responses (no DS) > > flushing the cache or restarting doesn't help. >
So, digging into things....I turned up trace. On my 9.9.4-P2 server: http://pastebin.com/sQKHe15p On my FreeBSD 9.2 system at home: http://pastebin.com/JjQMG9CQ -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator For: Enterprise Server Technologies (EST) -- & SafeZone Ally _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
