Gentoo Archives: gentoo-user

From: Ian Zimmerman <itz@××××××××××××.org>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: problem with named restarting
Date: Tue, 17 Sep 2019 22:34:07
Message-Id: 20190917223351.wgdcfozsht5oqayc@matica.foolinux.mooo.com
In Reply to: Re: [gentoo-user] Re: problem with named restarting by John Covici
1 On 2019-09-17 13:01, John Covici wrote:
2
3 > > > Also, when I restart named (which I have now done automatically by
4 > > > systemd) it gives me a lot of errors like the following:
5 > > > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
6 > > > valid signature found
7 > > > or this:
8 > > > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
9 > > > valid signature found
10 > >
11 > > This looks like a DNSSEC problem. I don't run bind on my gentoo system,
12 > > but I did this:
13
14 > > [snipped]
15
16 > > Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and
17 > > libcrypto) part of the output?
18
19 > libcrypto is there along with libgnutls, but no libssl.
20
21 Ok, so it probably is built with DNSSEC support.
22
23 How do you populate your cache? Do you recurse to the root servers, or
24 do you have a "forwarder" (for example, your ISP server) to which you
25 pass all queries that miss the cache?
26
27 --
28 Please don't Cc: me privately on mailing lists and Usenet,
29 if you also post the followup to the list or newsgroup.
30 To reply privately _only_ on Usenet and on broken lists
31 which rewrite From, fetch the TXT record for no-use.mooo.com.

Replies

Subject Author
Re: [gentoo-user] Re: problem with named restarting John Covici <covici@××××××××××.com>