On 11/2/2010 8:11 AM, Brian J. Murrell wrote: > Since enabling DNSSEC on my resolving server I have been seeing various > instances of the following sort of messages: > > named error (broken trust chain) resolving '133.168.163.66.sa- > trusted.bondedsender.org/TXT/IN': 173.45.100.146#53 [..] > '101.43.195.217.bb.barracudacentral.org/A/IN': 75.101.143.130#53 > named error (broken trust chain) resolving '101.43.195.217.sa- > trusted.bondedsender.org/TXT/IN': 72.232.192.162#53 > > I haven't been able to find an explanation of what that "broken trust chain" > message means, exactly. > > Anyone care to explain?
There isn't a chain of signed DS records that lead from a trust anchor to the thing that you are trying to resolve. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
