DNS on F13

François Patte francois.patte at mi.parisdescartes.fr
Wed Nov 10 07:13:30 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 10/11/2010 00:14, Paolo Galtieri a écrit :
> I had configured a local DNS server under F12 and everything was working
> fine.  I upgraded the system to F13 and
> setup DNS again.  Now I see the following errors.
> 
> Nov  9 15:46:28 darkstar named[17913]:   validating @0xb4e48968:
> dlv.isc.org <http://dlv.isc.org> SOA: got insecure response; parent
> indicates it should be secure
> Nov  9 15:46:28 darkstar named[17913]: error (insecurity proof failed)
> resolving 'dlv.isc.org/DLV/IN <http://dlv.isc.org/DLV/IN>': 168.158.8.15#53
> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb49766e8:
> dlv.isc.org <http://dlv.isc.org> SOA: got insecure response; parent
> indicates it should be secure
> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977160:
> dlv.isc.org <http://dlv.isc.org> SOA: got insecure response; parent
> indicates it should be secure
> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977bd8:
> dlv.isc.org <http://dlv.isc.org> SOA: got insecure response; parent
> indicates it should be secure
> Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
> 'howtoforge.com.dlv.isc.org/DS/IN
> <http://howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53
> Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
> resolving 'howtoforge.com.dlv.isc.org/DLV/IN
> <http://howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53
> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4724d60:
> dlv.isc.org <http://dlv.isc.org> SOA: got insecure response; parent
> indicates it should be secure
> Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
> 'www.howtoforge.com.dlv.isc.org/DS/IN
> <http://www.howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53
> Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
> resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
> <http://www.howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53
> 
> I have 2 servers configured in the forwarders section of named.conf
> 
> forwarders { 68.2.16.30; 168.158.8.15; };
> 
> It only complains about the second one. 
> 
> I found Bug 577639 which seems related, but it's marked closed notabug.
> 
> So if it's not a bug why am I seeing these errors and how do I go about
> resolving them?
> 
> Is this a configuration issue on my side, or is this an issue with my ISP?
> 
> The file "/etc/named.iscdlv.key" contains the correct key.
> 
> Any assistance is appreciated.

Did you test if it is not related to selinux?


- --
François Patte
UFR de mathématiques et informatique
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849
http://www.math-info.univ-paris5.fr/~patte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzaRhoACgkQdE6C2dhV2JVEoACfTxAXzHh2IQv6IkkyHTFptPzi
5lcAnjXuCgQ1bRJTkH12+CnWddFxlw+L
=RWDS
-----END PGP SIGNATURE-----


More information about the users mailing list