[dns-operations] Can't resolve NIH.GOV records
Jeremy C. Reed
reed at reedmedia.net
Wed May 13 21:26:42 UTC 2009
On Wed, 13 May 2009, Craig Leres wrote:
> I found a clue to my MX problems with extra.niddk.nih.gov. Last
> night backups failed on one of my systems with:
>
> ssh: Could not resolve hostname hagar.lbl.gov: hostname nor servname
> provided, or not known
>
> I looked at the logs and found this:
>
> May 13 06:00:01 zip.lbl.gov named[730]: no valid DS resolving
> 'hagar.lbl.gov/A/IN': 128.3.34.186#53
>
> Note that lbl.gov is *not* signed yet.
I don't know what that is. Need logs maybe.
> I went back and looked one of the mail hosts and it was getting
> tons of these for list.nih.gov:
>
> May 11 13:29:22 portnoy named[54927]: no valid DS resolving
> 'LIST.NIH.GOV/A/IN': 165.112.4.230#53
> May 11 13:29:22 portnoy named[54927]: no valid DS resolving
> 'LIST.NIH.GOV/A/IN': 128.231.128.251#53
I can reproduce that with 9.6.0-P1.
Can you please try 9.6.1b1?
+2554. [bug] Validation of uppercase queries from NSEC3 zones could
+ fail. [RT #19297]
> The only way I could get the mailing list to work on that host was
> to turn off DLV. I do not believe nih.gov is signed.
>
> Both systems run 9.6.0-P1.
>
> Is "no valid DS resolving" for unsigned zones a known bug? Are there
> any fixes aside from turning off lookaside validation? For example,
> is this fixed in 9.6.1b1?
More information about the dns-operations
mailing list