Alan Clegg <aclegg <at> isc.org> writes: > > On 11/2/2010 8:11 AM, Brian J. Murrell wrote: > > > > named error (broken trust chain) resolving '133.168.163.66.sa- > > trusted.bondedsender.org/TXT/IN': 173.45.100.146#53 > There isn't a chain of signed DS records that lead from a trust anchor > to the thing that you are trying to resolve.
So basically it just means that one or more zones from . down to the thing I'm trying to resolve has not been DNSSECized? i.e. no zone keys, signing, etc.? Wouldn't that be the case for the majority of "things" I (or anyone else) would be trying to resolve, in these early days of DNSSEC? It just seems like I'd see way more records (i.e. pretty much everything we try to resolve here) of the sort that I posted if that were the case. Maybe the variation in things we try to resolve here is not as much as I'd have thought. Am I misunderstanding? b. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
