Open bortzmeyer opened 11 years ago
check-soa uses the local resolver to retrieve the list of NS.
For instance, if the local resolver validates with DNSSEC and the domain is broken (.MIL, today), the message is spurious:
% check-soa mil No NS records for "mil.". It is probably a domain but not a zone
(The SERVFAIL in response to the NS query was misinterpreted)
The new option -ns solves partially the problem:
% check-soa -ns "$(dig +short +nodnssec @a.root-servers.net NS mil)" mil
check-soa uses the local resolver to retrieve the list of NS.
For instance, if the local resolver validates with DNSSEC and the domain is broken (.MIL, today), the message is spurious:
% check-soa mil No NS records for "mil.". It is probably a domain but not a zone
(The SERVFAIL in response to the NS query was misinterpreted)