Hi
I am getting the following error if i test the domain on dnsviz.net.
For example for domain example.org i get :
caikb.6tqs4.example.org/A has errors; select the "Denial of existence"
DNSSEC option to see them.
On checking the denial of existence settings i get:
RRset status
Bogus (1)
caikb.6tqs4.example.org/A (NXDOMAIN)
Errors (2)
NSEC3 proving non-existence of caikb.6tqs4.example.org/A: No NSEC3 RR
corresponds to the closest encloser of the SNAME
(caikb.6tqs4.example.org). See RFC 5155, Sec. 8.4.
NSEC3 proving non-existence of caikb.6tqs4.example.org/A: No NSEC3 RR
corresponds to the closest encloser of the SNAME
(caikb.6tqs4.example.org). See RFC 5155, Sec. 8.4.
I do not get any errors on an existing subdomain like mail.example.org
or even a non existent subdomain like htcghugfg.example.org
also not all domains managed by the server get this error, only some of
them.
i have these parameters defined in dnssec policy:
nsec3param iterations 0 optout no salt-length 0;
any ideas will be welcome.
--
akritrim® Intelligence™
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
