On 23-Dec-15 08:34, Tony Finch wrote: > Tony Finch <d...@dotat.at> wrote: > > Also, why is it trying to get address records for a reverse DNS name?
An ip6.arpa or in-addra.arpa zone is not restricted to PTR records. There's nothing special about 'reverse zones'. dnsviz uses some heuristics to guess what records are worth looking for. A while ago I asked Casey to have DNSVIZ check for more than PTR+DNSSEC records in reverse zones, which he did. There's a panel in dnsviz where you can change what it looks for if you want more (or less). A/AAAA records are used in reverse zones by an obscure RFC (1101 encoding of subnet masks), and by others for similar purposes. (It shouldn't be surprising that CNAME, TXT, RP, LOC and DNSSEC-related records can be in reverse zones too.) dnsviz launches its queries in parallel, so asking for a few extra records doesn't hurt anyone. > 23-Dec-2015 13:20:54.328 lame-servers: info: broken trust chain resolving > 'a.f.f.1.0.0.0.8.1.0.a.2.ip6.arpa/DS/IN': 94.126.40.2#53 > 23-Dec-2015 13:20:54.328 lame-servers: info: broken trust chain resolving > '1.0.0.0.3.2.1.0.0.0.0.0.0.0.0.0.2.0.0.f.a.f.f.1.0.0.0.8.1.0.a.2.ip6.arpa/AAAA/IN': > 2a01:8000:1ffa:f003:bc9d:1dff:fe9b:7466#53 > 23-Dec-2015 13:20:54.398 lame-servers: info: broken trust chain resolving > '1.0.0.0.3.2.1.0.0.0.0.0.0.0.0.0.2.0.0.f.a.f.f.1.0.0.0.8.1.0.a.2.ip6.arpa/A/IN': > 217.168.153.95#53 > > Tony. Timothe Litt ACM Distinguished Engineer -------------------------- This communication may not represent the ACM or my employer's views, if any, on the matters discussed.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users