Wouter,
> The NS record is bogus. When it finds out the NS record is
> bogus, unbound refuses to talk to those nameservers.
Paul Wouters was right: the zone content was bad, and Andreas spotted
the cause: multiple RRSIGs on the NS RRset. My pdns signer erroneously
created them, but that has just been fixed in r2053.
I thought it was Unbound only, because neither BIND nor [1], [2], or [3]
hinted that something was wrong. That worries me.
Thank you all,
-JP
[1] http://dnssec-debugger.verisignlabs.com/
[2] http://dnsviz.net/
[3] http://dnscheck.iis.se/
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
