Also, just for testing. Similar happened to me. Try with ‘dnssec-validation no;’ ________________________________ From: bind-users <bind-users-boun...@lists.isc.org> on behalf of julien soula <julien.so...@univ-lille.fr> Sent: Sunday, November 22, 2020 9:31:56 AM To: upen <upendra.gan...@gmail.com> Cc: bind-users@lists.isc.org <bind-users@lists.isc.org>; BIND Users <bind-us...@isc.org> Subject: Re: Servfail on Bind -9.16.1
On Sat, Nov 21, 2020 at 03:20:26PM -0600, upen wrote: > .../... > default.log:21-Nov-2020 15:11:18.008 client @0x7fb6a800c0a0 127.0.0.1#33706 > (www.facebook.com<http://www.facebook.com>): query failed (broken trust > chain) for > www.facebook.com/IN/A<http://www.facebook.com/IN/A> at query.c:6883 > dnssec.log:21-Nov-2020 15:11:18.008 validating > www.facebook.com/CNAME:<http://www.facebook.com/CNAME:> bad > cache hit (com/DS) > lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving ' > www.facebook.com/A/IN':<http://www.facebook.com/A/IN':> 129.134.31.12#53 it seems to be an error in dnssec. So I suppose that "dig +nodnssec ...." works. May be "dig +trace facebook.com" will give you more hints. sincerly, -- Julien _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
