On Apr 15 2010, Roy Badami wrote:
Actually there *is* DNSSEC involved or the query would not have
failed.
Yes, sorry. I meant to imply that there is no DNSSEC involved beyond
the verification of the covering NSEC that proves the lack of a DLV
record.
There is a bug in the BIND 9.7.0-P1 fixes that triggers this. The
fix below is in review at the moment.
Interesting - so it sounds like the problems I was seeing with 9.7.0
were probably unrelated.
The patch certainly seems to fix the issue with www.bbc.net.uk. I'll
run with it for a few days and see if the .org issue I was having
earlier recurs.
Incidentally, the same patch appears to cure the problem with 9.7.0-P1
and 9.6.2-P1 that I reported earlier as
"dig dnskey int." different responses from recent BIND versions
Caveat emptor until ISC make the patch official, of course.
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
