<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Times New Roman; font-size: 12pt; color: #000000'>Hello :D<div><br></div><div><span class="Apple-style-span" style="font-size: 13px; font-family: arial, sans-serif; line-height: 22px; "><span title="" style="background-color: rgb(230, 236, 249); color: rgb(0, 0, 0); ">I'm having problems with named...<br></span><span title="">did not make any changes or updates ...<br></span><span title="">but now it stopped working on some sites , do not know if the provider can be wrong, but I've been checking the logs, and I think it might be something with the dnssec or even to bind<br></span><span title="">following logs and details:</span></span></div><div><span class="Apple-style-span" style="font-size: 13px; font-family: arial, sans-serif; line-height: 22px; "><span title=""><br></span></span></div><div><span class="Apple-style-span" style="font-size: 13px; font-family: arial, sans-serif; line-height: 22px; "><span title=""><br></span></span></div><div><span class="Apple-style-span" style="font-size: 13px; font-family: arial, sans-serif; line-height: 22px; "><span title=""><br></span></span></div><div><font class="Apple-style-span" face="arial, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px; line-height: 22px;"><br></span></font></div><div><span class="Apple-style-span" style="font-size: 13px; font-family: arial, sans-serif; line-height: 22px; "><span title=""><div>[root@cdf-server /]# rpm -q bind dnssec-conf</div><div>bind-9.6.2-4.P2.fc11.i586</div><div>dnssec-conf-1.21-1.fc11.noarch</div><div><div>==================================================================</div></div><div>[root@cdf-server /]# ping www.uol.com.br</div><div><div>ping: unknown host www.uol.com.br</div></div><div><br></div><div>tail -f var log messages:</div><div><br></div><div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb361c178: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb361c178: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:35:46 cdf-server named[5939]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.159.10#53</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3419c48: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3419c48: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:35:46 cdf-server named[5939]: no valid KEY resolving 'br/DNSKEY/IN': 200.192.232.10#53</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3738498: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3738498: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:35:46 cdf-server named[5939]: no valid KEY resolving 'br/DNSKEY/IN': 200.160.0.10#53</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3738498: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3738498: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:35:46 cdf-server named[5939]: no valid KEY resolving 'br/DNSKEY/IN': 200.189.40.10#53</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3419c48: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:35:46 cdf-server named[5939]: validating @0xb3419c48: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:35:46 cdf-server named[5939]: no valid KEY resolving 'br/DNSKEY/IN': 200.229.248.10#53</div><div>Jul 27 13:35:47 cdf-server named[5939]: validating @0xb3215920: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:35:47 cdf-server named[5939]: validating @0xb3215920: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:35:47 cdf-server named[5939]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.154.10#53</div><div>Jul 27 13:35:47 cdf-server named[5939]: network unreachable resolving 'br/DNSKEY/IN': 2001:12ff::10#53</div><div>Jul 27 13:35:47 cdf-server named[5939]: network unreachable resolving 'br/DNSKEY/IN': 2001:12f8:1::10#53</div><div>Jul 27 13:35:47 cdf-server named[5939]: broken trust chain resolving 'www.uol.com.br/A/IN': 200.221.11.98#53</div></div><div><br></div><div><br></div><div><div>==================================================================</div></div><div>[root@cdf-server /]# /etc/init.d/named restart</div><div><div>Stopping named: [ OK ]</div><div>Starting named: [ OK ]</div></div><div><br></div><div>tail -f var log messages</div><div><div>Jul 27 13:38:34 cdf-server named[5939]: received control channel command 'stop'</div><div>Jul 27 13:38:34 cdf-server named[5939]: shutting down: flushing changes</div><div>Jul 27 13:38:34 cdf-server named[5939]: stopping command channel on 127.0.0.1#953</div><div>Jul 27 13:38:34 cdf-server named[5939]: stopping command channel on ::1#953</div><div>Jul 27 13:38:34 cdf-server named[5939]: no longer listening on 127.0.0.1#53</div><div>Jul 27 13:38:34 cdf-server named[5939]: no longer listening on 186.204.99.13#53</div><div>Jul 27 13:38:34 cdf-server named[5939]: no longer listening on 192.168.5.1#53</div><div>Jul 27 13:38:34 cdf-server named[5939]: no longer listening on 192.168.8.10#53</div><div>Jul 27 13:38:34 cdf-server named[5939]: no longer listening on ::1#53</div><div>Jul 27 13:38:34 cdf-server named[5939]: exiting</div><div>Jul 27 13:38:35 cdf-server named[6100]: starting BIND 9.6.2-P2-RedHat-9.6.2-4.P2.fc11 -u named</div><div>Jul 27 13:38:35 cdf-server named[6100]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i586-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i586-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'</div><div>Jul 27 13:38:35 cdf-server named[6100]: adjusted limit on open files from 65536 to 1048576</div><div>Jul 27 13:38:35 cdf-server named[6100]: found 4 CPUs, using 4 worker threads</div><div>Jul 27 13:38:35 cdf-server named[6100]: using up to 4096 sockets</div><div>Jul 27 13:38:35 cdf-server named[6100]: loading configuration from '/etc/named.conf'</div><div>Jul 27 13:38:35 cdf-server named[6100]: using default UDP/IPv4 port range: [1024, 65535]</div><div>Jul 27 13:38:35 cdf-server named[6100]: using default UDP/IPv6 port range: [1024, 65535]</div><div>Jul 27 13:38:35 cdf-server named[6100]: listening on IPv4 interface lo, 127.0.0.1#53</div><div>Jul 27 13:38:35 cdf-server named[6100]: listening on IPv4 interface eth1, 186.204.99.13#53</div><div>Jul 27 13:38:35 cdf-server named[6100]: listening on IPv4 interface eth0, 192.168.5.1#53</div><div>Jul 27 13:38:35 cdf-server named[6100]: listening on IPv4 interface tap0, 192.168.8.10#53</div><div>Jul 27 13:38:35 cdf-server named[6100]: listening on IPv6 interface lo, ::1#53</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 127.IN-ADDR.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 254.169.IN-ADDR.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 2.0.192.IN-ADDR.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: D.F.IP6.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 8.E.F.IP6.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: 9.E.F.IP6.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: A.E.F.IP6.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: automatic empty zone: B.E.F.IP6.ARPA</div><div>Jul 27 13:38:35 cdf-server named[6100]: command channel listening on 127.0.0.1#953</div><div>Jul 27 13:38:35 cdf-server named[6100]: command channel listening on ::1#953</div><div>Jul 27 13:38:35 cdf-server named[6100]: the working directory is not writable</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 0.in-addr.arpa/IN: loaded serial 0</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 5.168.192.in-addr.arpa/IN: loaded serial 2009034333</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone geribello.com.br/IN: loaded serial 2009080309</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone localhost.localdomain/IN: loaded serial 0</div><div>Jul 27 13:38:35 cdf-server named[6100]: zone localhost/IN: loaded serial 0</div><div>Jul 27 13:38:35 cdf-server named[6100]: running</div><div><br></div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'www.fotolog.com.br/A/IN': 2001:12ff::10#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns1.fotolog.com/AAAA/IN': 2001:503:ba3e::2:30#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns2.fotolog.com/AAAA/IN': 2001:503:a83e::2:30#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns1.fotolog.net/A/IN': 2001:500:2f::f#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'dlv.isc.org/DLV/IN': 2001:500:b::1#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns2.fotolog.net/AAAA/IN': 2001:503:231d::2:30#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'dlv.isc.org/DLV/IN': 2001:500:71::30#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:1::803f:235#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:dc3::35#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:503:c27::2:30#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:7fd::1#53</div><div>Jul 27 13:38:36 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:19::1#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:41::1#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:7::79#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/AAAA/IN': 2001:500:8::79#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'ns.isc.afilias-nst.info/A/IN': 2001:500:6::79#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'pdns3.ultradns.org/A/IN': 2001:500:e::1#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'pdns4.ultradns.org/AAAA/IN': 2001:500:c::1#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'pdns4.ultradns.org/AAAA/IN': 2001:500:48::1#53</div><div><br></div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3718648: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3718648: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.192.232.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb34094b0: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb34094b0: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.229.248.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3202478: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3202478: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.154.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3403480: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3403480: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.159.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb4248968: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb4248968: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.189.40.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3202478: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:37 cdf-server named[6100]: validating @0xb3202478: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.160.0.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'br/DNSKEY/IN': 2001:12f8:1::10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: network unreachable resolving 'br/DNSKEY/IN': 2001:12ff::10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: broken trust chain resolving 'com.br/DS/IN': 200.160.0.10#53</div><div>Jul 27 13:38:37 cdf-server named[6100]: no valid DS resolving 'www.fotolog.com.br/A/IN': 204.74.66.253#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3716bc8: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3716bc8: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.192.232.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3402478: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3402478: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.159.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3603248: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3603248: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.189.40.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb320db80: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb320db80: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.160.0.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3404488: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3404488: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.229.248.10#53</div><div><br></div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3715bc0: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3715bc0: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.154.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: network unreachable resolving 'br/DNSKEY/IN': 2001:12ff::10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: network unreachable resolving 'br/DNSKEY/IN': 2001:12f8:1::10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: broken trust chain resolving 'www.fotolog.com.br/A/IN': 204.74.67.253#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3709b60: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3709b60: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.160.0.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb38e8d18: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb38e8d18: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.189.40.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb34074a0: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb34074a0: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.192.232.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3715bc0: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb3715bc0: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.229.248.10#53</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb38e8d18: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:38 cdf-server named[6100]: validating @0xb38e8d18: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:38 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.159.10#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: validating @0xb3715bc0: br DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches one of specified trusted-keys for 'br'</div><div>Jul 27 13:38:39 cdf-server named[6100]: validating @0xb3715bc0: br DNSKEY: please check the 'trusted-keys' for 'br' in named.conf.</div><div>Jul 27 13:38:39 cdf-server named[6100]: no valid KEY resolving 'br/DNSKEY/IN': 200.219.154.10#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: network unreachable resolving 'br/DNSKEY/IN': 2001:12ff::10#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: network unreachable resolving 'br/DNSKEY/IN': 2001:12f8:1::10#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: broken trust chain resolving 'www.fotolog.com.br/A/IN': 204.74.66.253#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: network unreachable resolving 'net.dlv.isc.org/DLV/IN': 2001:500:60::29#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: network unreachable resolving 'net.dlv.isc.org/DLV/IN': 2001:502:ad09::23#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: network unreachable resolving 'net.dlv.isc.org/DLV/IN': 2001:500:71::29#53</div><div>Jul 27 13:38:39 cdf-server named[6100]: network unreachable resolving 'net.dlv.isc.org/DLV/IN': 2001:4f8:0:2::20#53</div><div>Jul 27 13:38:40 cdf-server named[6100]: network unreachable resolving 'a899.g.akamai.net.dlv.isc.org/DLV/IN': 2001:502:2eda::23#53</div><div>Jul 27 13:38:40 cdf-server named[6100]: network unreachable resolving 'a899.g.akamai.net.dlv.isc.org/DLV/IN': 2001:500:2c::254#53</div></div><div><div>Jul 27 13:38:48 cdf-server named[6100]: network unreachable resolving 'za.akadns.org/A/IN': 2001:500:40::1#53</div><div>Jul 27 13:38:48 cdf-server named[6100]: network unreachable resolving 'zb.akadns.org/AAAA/IN': 2001:500:40::1#53</div><div>Jul 27 13:38:48 cdf-server named[6100]: network unreachable resolving 'zc.akadns.org/A/IN': 2001:500:40::1#53</div><div>Jul 27 13:38:48 cdf-server named[6100]: network unreachable resolving 'za.akadns.org/A/IN': 2001:500:f::1#53</div><div>Jul 27 13:38:48 cdf-server named[6100]: network unreachable resolving 'zc.akadns.org/AAAA/IN': 2001:500:f::1#53</div></div><div><br></div><div><div>==================================================================</div></div><div><br></div><div>[root@cdf-server etc]# cat named.conf</div><div><div>//</div><div>// named.conf</div><div><br></div><div>options {</div><div> listen-on port 53 { any; };</div><div> listen-on-v6 port 53 { ::1; };</div><div> directory "/var/named";</div><div> dump-file "/var/named/data/cache_dump.db";</div><div> statistics-file "/var/named/data/named_stats.txt";</div><div> memstatistics-file "/var/named/data/named_mem_stats.txt";</div><div> allow-query { any; };</div><div> recursion yes;</div><div> dnssec-enable yes;</div><div> dnssec-validation yes;</div><div> dnssec-lookaside . trust-anchor dlv.isc.org.;</div><div>};</div><div><br></div><div>logging {</div><div> channel default_debug {</div><div> file "data/named.run";</div><div> severity dynamic;</div><div> };</div><div>};</div><div><br></div><div>zone "." IN {</div><div> type hint;</div><div> file "named.ca";</div><div>};</div><div><br></div><div>include "/etc/named.rfc1912.zones";</div><div><br></div><div>include "/etc/pki/dnssec-keys//named.dnssec.keys";</div><div>include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";</div><div><br></div><div>### Zona Geribello.</div><div>zone "geribello.com.br" {</div><div> type slave;</div><div> masters { 192.168.0.2; };</div><div> allow-notify { 192.168.0.2; };</div><div># allow-update { 192.168.0.2; };</div><div> file "slaves/db.geribello.com.br";</div><div>};</div><div><br></div><div>zone "5.168<span class="Apple-style-span" style="font-size: medium;">.192.in-addr.arpa" {</span></div><div><span class="Apple-style-span" style="font-size: medium;"> type master;</span></div><div><span class="Apple-style-span" style="font-size: medium;"> file "slaves/db.5.168.192";</span></div><div><span class="Apple-style-span" style="font-size: medium;">};</span></div></div><div><span class="Apple-style-span" style="font-size: medium;"><br></span></div><div><span class="Apple-style-span" style="font-size: medium;"><br></span></div><div>==================================================================</div><div><br></div><div><div>[root@cdf-server named]# cat named.ca</div><div>; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net</div><div>;; global options: printcmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420</div><div>;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div><div>;. IN NS</div><div><br></div><div>;; ANSWER SECTION:</div><div>. 518400 IN NS M.ROOT-SERVERS.NET.</div><div>. 518400 IN NS A.ROOT-SERVERS.NET.</div><div>. 518400 IN NS B.ROOT-SERVERS.NET.</div><div>. 518400 IN NS C.ROOT-SERVERS.NET.</div><div>. 518400 IN NS D.ROOT-SERVERS.NET.</div><div>. 518400 IN NS E.ROOT-SERVERS.NET.</div><div>. 518400 IN NS F.ROOT-SERVERS.NET.</div><div>. 518400 IN NS G.ROOT-SERVERS.NET.</div><div>. 518400 IN NS H.ROOT-SERVERS.NET.</div><div>. 518400 IN NS I.ROOT-SERVERS.NET.</div><div>. 518400 IN NS J.ROOT-SERVERS.NET.</div><div>. 518400 IN NS K.ROOT-SERVERS.NET.</div><div>. 518400 IN NS L.ROOT-SERVERS.NET.</div><div><br></div><div>;; ADDITIONAL SECTION:</div><div>A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4</div><div>A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30</div><div>B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201</div><div>C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12</div><div>D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90</div><div>E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10</div><div>F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241</div><div>F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f</div><div>G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4</div><div>H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53</div><div>H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235</div><div>I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17</div><div>J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30</div><div>J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30</div><div>K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129</div><div>K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1</div><div>L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42</div><div>M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33</div><div>M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35</div><div><br></div><div>;; Query time: 147 msec</div><div>;; SERVER: 198.41.0.4#53(198.41.0.4)</div><div>;; WHEN: Mon Feb 18 13:29:18 2008</div><div>;; MSG SIZE rcvd: 615</div></div><div><br></div><div><br></div><div><br></div><div>==================================================================</div><div><br></div><div><div><span class="Apple-style-span" style="line-height: 25px; "><span class="Apple-style-span" style="font-size: medium; ">I can not see what could be wrong, but I dont have dns for two days...</span></span></div><div><span class="Apple-style-span" style="line-height: 25px; font-size: medium; ">plz any help?? </span></div></div><div><span class="Apple-style-span" style="line-height: 25px; font-size: medium; "><br></span></div><div><br></div></span></span></div><div><span class="Apple-style-span" style="font-size: 13px; font-family: arial, sans-serif; line-height: 22px; "><span title=""><br></span></span></div><div><div><span><br><div><div>
<div>
<div>
<div>
<div>
<div></div></div></div>
<div>
<p><span class="txt"><font size="2" face="Arial"></font></span><span style="FONT-SIZE: small"><em><strong><span class="txt"><font color="#000099" face="Arial">Marcelo Moretti</font></span></strong></em></span></p>
<p><font class="Apple-style-span" face="Arial"><span class="Apple-style-span" style="font-size: x-small;"><b><i><br></i></b></span></font></p></div></div></div></div></div></span></div></div></div></body></html>