Hi, I am having a problem,
I am signing a zone with opendnssec, After signing it seems fine and If issue a *dig @[dnssec-aware-recursive-server] [zone] +dnssec SOA* from this [*dnssec-aware-recursive-server*] And the answer is returned with RRSIGS and ad bit But after some time if I issue again i get SERVFAIL and checking the logs i get this 25-Nov-2011 09:16:09.111 debug 3: validating @0xb93ccf28: zone SOA: starting 25-Nov-2011 09:16:09.111 debug 3: validating @0xb93ccf28: zone SOA: attempting positive response validation 25-Nov-2011 09:16:09.111 info: validating @0xb93ccf28: zone SOA: bad cache hit (zone/DNSKEY) 25-Nov-2011 09:16:09.111 debug 3: validator @0xb93ccf28: dns_validator_destroy But after sometime again i get good results with no error I wonder if anyone has ever got the error I have checked dig +cd and i get answers perfectly so I suppose its dnssec issue and i have checked if the RRSIG are expired and its not the case as they are not even close to expiry. I will appreciate. -- [ Bryton | Systems Engineer | .tzNIC | www.tznic.or.tz ]
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
