DNS on F13

Rick Sewill rsewill at gmail.com
Wed Nov 10 18:24:06 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/10/2010 10:28 AM, Paolo Galtieri wrote:
> On 11/10/10 00:13, François Patte wrote:
> Le 10/11/2010 00:14, Paolo Galtieri a écrit :
>>>> I had configured a local DNS server under F12 and everything was working
>>>> fine.  I upgraded the system to F13 and
>>>> setup DNS again.  Now I see the following errors.
>>>>
>>>> Nov  9 15:46:28 darkstar named[17913]:   validating @0xb4e48968:
>>>> dlv.isc.org<http://dlv.isc.org>  SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov  9 15:46:28 darkstar named[17913]: error (insecurity proof failed)
>>>> resolving 'dlv.isc.org/DLV/IN<http://dlv.isc.org/DLV/IN>': 168.158.8.15#53
>>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb49766e8:
>>>> dlv.isc.org<http://dlv.isc.org>  SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977160:
>>>> dlv.isc.org<http://dlv.isc.org>  SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4977bd8:
>>>> dlv.isc.org<http://dlv.isc.org>  SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
>>>> 'howtoforge.com.dlv.isc.org/DS/IN
>>>> <http://howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53
>>>> Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
>>>> resolving 'howtoforge.com.dlv.isc.org/DLV/IN
>>>> <http://howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53
>>>> Nov  9 15:48:02 darkstar named[17913]:   validating @0xb4724d60:
>>>> dlv.isc.org<http://dlv.isc.org>  SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov  9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
>>>> 'www.howtoforge.com.dlv.isc.org/DS/IN
>>>> <http://www.howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53
>>>> Nov  9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
>>>> resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
>>>> <http://www.howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53
>>>>
>>>> I have 2 servers configured in the forwarders section of named.conf
>>>>
>>>> forwarders { 68.2.16.30; 168.158.8.15; };
>>>>
>>>> It only complains about the second one.
>>>>
>>>> I found Bug 577639 which seems related, but it's marked closed notabug.
>>>>
>>>> So if it's not a bug why am I seeing these errors and how do I go about
>>>> resolving them?
>>>>
>>>> Is this a configuration issue on my side, or is this an issue with my ISP?
>>>>
>>>> The file "/etc/named.iscdlv.key" contains the correct key.
>>>>
>>>> Any assistance is appreciated.
> 
> Did you test if it is not related to selinux?
> 
> 
> I don't believe it has anything to do with SElinux since the errors only 
> show up for one of the 2 DNS servers I have listed in the forwarders 
> entry.  Also I don't get any SElinux alert messages.

> Paolo

May we see your /etc/named.conf file please?

I am wondering if you have an old /etc/named.conf file.
Please look for /etc/named.conf.rpmnew, and if it's there,
please compare the two files, save your current /etc/named.conf,
and mv /etc/named.conf.rpmnew /etc/named.conf

When I do,
[root at rsewill ~]# service named start
Starting named:                                            [  OK  ]
followed by
[root at rsewill ~]# host -a energy.gov localhost
<Too much stuff got printed to reproduce here without reason>
<Output looks reasonable>

I do not have bind-chroot installed.  Are you using bind-chroot?

For this test, I am using
[root at rsewill ~]# rpm -q bind
bind-9.7.1-2.P2.fc13.x86_64
What version of bind are you using please?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkza40YACgkQyc8Kn0p/AZRDHQCglJg1SNUT0qN/PAWKyE1+CDHJ
VbQAn1ueb1AKs4SUXIj2iZi3CJapPrdP
=yyT5
-----END PGP SIGNATURE-----


More information about the users mailing list