#18 iterative mode validate fails on !dnsssec server

open
nobody
None
5
2006-08-04
2006-08-04
Anonymous
No

When in iterative mode (-r /dev/null -i etc/root.hints), the validator will most certainly encounter non-dnssec-aware name servers. If the query name is expected to be trusted, queries are sent with the CD bit set. Some non-dnssec-aware name servers will return FORMERR, which the resolver treats as a fatal error.

I can see 2 potential solutions for this:

1) remove the name server from the name server list and move on to the next.

2) mark the name server as non-dnssec-aware, and try again without the CD bit set.

Discussion

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks