DNS on F13
Rick Sewill
rsewill at gmail.com
Wed Nov 10 18:24:06 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/10/2010 10:28 AM, Paolo Galtieri wrote:
> On 11/10/10 00:13, François Patte wrote:
> Le 10/11/2010 00:14, Paolo Galtieri a écrit :
>>>> I had configured a local DNS server under F12 and everything was working
>>>> fine. I upgraded the system to F13 and
>>>> setup DNS again. Now I see the following errors.
>>>>
>>>> Nov 9 15:46:28 darkstar named[17913]: validating @0xb4e48968:
>>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov 9 15:46:28 darkstar named[17913]: error (insecurity proof failed)
>>>> resolving 'dlv.isc.org/DLV/IN<http://dlv.isc.org/DLV/IN>': 168.158.8.15#53
>>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb49766e8:
>>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4977160:
>>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4977bd8:
>>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov 9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
>>>> 'howtoforge.com.dlv.isc.org/DS/IN
>>>> <http://howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53
>>>> Nov 9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
>>>> resolving 'howtoforge.com.dlv.isc.org/DLV/IN
>>>> <http://howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53
>>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4724d60:
>>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent
>>>> indicates it should be secure
>>>> Nov 9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving
>>>> 'www.howtoforge.com.dlv.isc.org/DS/IN
>>>> <http://www.howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53
>>>> Nov 9 15:48:02 darkstar named[17913]: error (insecurity proof failed)
>>>> resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN
>>>> <http://www.howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53
>>>>
>>>> I have 2 servers configured in the forwarders section of named.conf
>>>>
>>>> forwarders { 68.2.16.30; 168.158.8.15; };
>>>>
>>>> It only complains about the second one.
>>>>
>>>> I found Bug 577639 which seems related, but it's marked closed notabug.
>>>>
>>>> So if it's not a bug why am I seeing these errors and how do I go about
>>>> resolving them?
>>>>
>>>> Is this a configuration issue on my side, or is this an issue with my ISP?
>>>>
>>>> The file "/etc/named.iscdlv.key" contains the correct key.
>>>>
>>>> Any assistance is appreciated.
>
> Did you test if it is not related to selinux?
>
>
> I don't believe it has anything to do with SElinux since the errors only
> show up for one of the 2 DNS servers I have listed in the forwarders
> entry. Also I don't get any SElinux alert messages.
> Paolo
May we see your /etc/named.conf file please?
I am wondering if you have an old /etc/named.conf file.
Please look for /etc/named.conf.rpmnew, and if it's there,
please compare the two files, save your current /etc/named.conf,
and mv /etc/named.conf.rpmnew /etc/named.conf
When I do,
[root at rsewill ~]# service named start
Starting named: [ OK ]
followed by
[root at rsewill ~]# host -a energy.gov localhost
<Too much stuff got printed to reproduce here without reason>
<Output looks reasonable>
I do not have bind-chroot installed. Are you using bind-chroot?
For this test, I am using
[root at rsewill ~]# rpm -q bind
bind-9.7.1-2.P2.fc13.x86_64
What version of bind are you using please?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkza40YACgkQyc8Kn0p/AZRDHQCglJg1SNUT0qN/PAWKyE1+CDHJ
VbQAn1ueb1AKs4SUXIj2iZi3CJapPrdP
=yyT5
-----END PGP SIGNATURE-----
More information about the users
mailing list