[tlug] sudden dnssec errors for .jp domains

[nigel barker <nigel@example.com>]

Hi All,

My school is suddenly getting dns errors with japanese websites this
evening. We can't even access such staples as yahoo.co.jp  Everywhere
else in the world seems to be fine.  I'm seeing errors like this

May 15 19:09:06 tjener named[2812]: validating @0x7f7e90127710: jp DS:
no valid signature found
May 15 19:09:06 tjener named[2812]: error (no valid RRSIG) resolving
'jp/DS/IN': 128.63.2.53#53
May 15 19:09:06 tjener named[2812]: error (no valid DS) resolving
'www.yahoo.co.jp/A/IN': 221.113.139.250#53
May 15 19:09:06 tjener named[2812]: validating @0x7f7e8c334fa0:
www.yahoo.co.jp A: bad cache hit (jp/DS)
May 15 19:09:06 tjener named[2812]: error (broken trust chain)
resolving 'www.yahoo.co.jp/A/IN': 203.139.160.105#53


 I have to admit I know little about dnssec. (or dns at all if I'm
honest). How would I go about fixing this? There have been no changes
to bind, or any other part of the server today. Has something changed
at NTT, that you know of?

dnssec-validation is set to auto in named.conf.options

the forwarders are:
         221.113.139.250;
        203.139.160.105;


Appreciate any suggestions

Nigel