[dns-operations] Can't resolve NIH.GOV records

Jeremy C. Reed reed at reedmedia.net
Wed May 13 21:26:42 UTC 2009

On Wed, 13 May 2009, Craig Leres wrote:

> I found a clue to my MX problems with extra.niddk.nih.gov. Last
> night backups failed on one of my systems with:
>     ssh: Could not resolve hostname hagar.lbl.gov: hostname nor servname
> provided, or not known
> I looked at the logs and found this:
>     May 13 06:00:01 zip.lbl.gov named[730]: no valid DS resolving
> 'hagar.lbl.gov/A/IN':
> Note that lbl.gov is *not* signed yet.

I don't know what that is. Need logs maybe.

> I went back and looked one of the mail hosts and it was getting
> tons of these for list.nih.gov:
>     May 11 13:29:22 portnoy named[54927]: no valid DS resolving
>     May 11 13:29:22 portnoy named[54927]: no valid DS resolving

I can reproduce that with 9.6.0-P1.

Can you please try 9.6.1b1?

+2554.  [bug]           Validation of uppercase queries from NSEC3 zones could
+                       fail. [RT #19297]

> The only way I could get the mailing list to work on that host was
> to turn off DLV. I do not believe nih.gov is signed.
> Both systems run 9.6.0-P1.
> Is "no valid DS resolving" for unsigned zones a known bug? Are there
> any fixes aside from turning off lookaside validation? For example,
> is this fixed in 9.6.1b1?

More information about the dns-operations mailing list