In message <prayer.1.3.1.0902051754210.4...@hermes-2.csi.cam.ac.uk>, Chris
Thompson writes:
> On Feb 5 2009, I wrote:
>
> >DLV records for advocaat.pro & advocaten.pro are among the recent
>additions to dlv.isc.org. Using validating recursive nameservers
> >running BIND 9.5.1-P1 (configured to trust dlv.isc.org), I get SERVFAILs
> >looking things up in them, although not consistently. This doesn't
> >happen with non-validating nameservers.
> >
> >I can't work out what is wrong with them. Does anyone else see the
> >same effect?
>
> More info about the "not consistently" bit. With nothing about
> them in the cache ("rndc flushname advocaat.pro") looking up SOA or
> NS records for them gives SERVFAIL. But looking up A records does
> not, and after that SOA and NS lookups work OK as well.
>
> Hmmm...
The TLD lies. DNSSEC is doing exactly what it is
supposed to do and is blocking ibad answers.
Mark
; <<>> DiG 9.3.6-P1 <<>> advocaat.pro soa @c.gtld.pro +dnssec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29667
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;advocaat.pro. IN SOA
;; AUTHORITY SECTION:
pro. 14400 IN SOA a.gtld.pro.
hostmaster.registrypro.pro. 2009020518 28800 7200 604800 300
;; Query time: 186 msec
;; SERVER: 192.149.64.10#53(192.149.64.10)
;; WHEN: Fri Feb 6 11:45:31 2009
;; MSG SIZE rcvd: 96
> --
> Chris Thompson
> Email: c...@cam.ac.uk
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
