On 2019-09-17 13:01, John Covici wrote:

> > > Also, when I restart named (which I have now done automatically by
> > > systemd) it gives me a lot of errors like the following:
> > > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
> > > valid signature found
> > > or this:
> > > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
> > > valid signature found
> >
> > This looks like a DNSSEC problem. I don't run bind on my gentoo system,
> > but I did this:

> > [snipped]

> > Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and
> > libcrypto) part of the output?

> libcrypto is there along with libgnutls, but no libssl.

Ok, so it probably is built with DNSSEC support.

How do you populate your cache? Do you recurse to the root servers, or
do you have a "forwarder" (for example, your ISP server) to which you
pass all queries that miss the cache?

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.