Since upgrading our main recursive nameservers to BIND 9.7.2-P2 (and using a trust anchor for the root and lookaside via dlv.isc.org) I am seeing a scatter of warning messages like this:
Oct 1 19:47:19 dnssec: warning: validating @1c29d580: 115.197.101.95.IN-ADDR.ARPA PTR: can't validate existing negative responses (not a zone cut) Oct 1 19:47:19 dnssec: warning: validating @8d34550: 115.197.101.95.IN-ADDR.ARPA PTR: can't validate existing negative responses (not a zone cut) Oct 2 11:25:28 dnssec: warning: validating @11d37f18: 32.197.101.95.IN-ADDR.ARPA PTR: can't validate existing negative responses (not a zone cut) Oct 3 01:39:21 dnssec: warning: validating @160f4260: 205.205.101.95.IN-ADDR.ARPA PTR: can't validate existing negative responses (not a zone cut) Oct 3 08:40:14 dnssec: warning: validating @12cd35c0: 20.204.101.95.IN-ADDR.ARPA PTR: can't validate existing negative responses (not a zone cut) Oct 3 16:53:10 dnssec: warning: validating @14c9cd70: 98.206.101.95.IN-ADDR.ARPA PTR: can't validate existing negative responses (not a zone cut) What do they mean, exactly? And should I be worrying about them? They all seem to refer to PTR records (not all of them for IP addresses in 95.101/16, but many of them are). -- Chris Thompson Email: c...@cam.ac.uk _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
