On Fri, 3 Jul 2009, W.C.A. Wijngaards wrote: > I think this is a result of a bug I already fixed, which barfed the > security status after taking a query from the cache a second time. > > In your logs this seems to happen for in-addr.arpa.dlv.isc.org, which > loses the secure status for its DLV answer, which in turn makes the > DLV lookup error, which generates the servfail. Why the second lookup > then succeeds I do not understand. Oh, just realised my resolver uses dnssec-conf, and will load trust anchors for all the RIPE zones, so they don't go via DLV. > I hope the bug is fixed in 1.3.1 (just with release candidate), otherwise I'd > like to look at a higher verbosity log for it. 1.3.0-1 in fedora should also have that fix incorperated. Paul