On 11/10/10 00:13, François Patte wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Le 10/11/2010 00:14, Paolo Galtieri a écrit : >> I had configured a local DNS server under F12 and everything was working >> fine. I upgraded the system to F13 and >> setup DNS again. Now I see the following errors. >> >> Nov 9 15:46:28 darkstar named[17913]: validating @0xb4e48968: >> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >> indicates it should be secure >> Nov 9 15:46:28 darkstar named[17913]: error (insecurity proof failed) >> resolving 'dlv.isc.org/DLV/IN<http://dlv.isc.org/DLV/IN>': 168.158.8.15#53 >> Nov 9 15:48:02 darkstar named[17913]: validating @0xb49766e8: >> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >> indicates it should be secure >> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4977160: >> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >> indicates it should be secure >> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4977bd8: >> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >> indicates it should be secure >> Nov 9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving >> 'howtoforge.com.dlv.isc.org/DS/IN >> <http://howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53 >> Nov 9 15:48:02 darkstar named[17913]: error (insecurity proof failed) >> resolving 'howtoforge.com.dlv.isc.org/DLV/IN >> <http://howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53 >> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4724d60: >> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >> indicates it should be secure >> Nov 9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving >> 'www.howtoforge.com.dlv.isc.org/DS/IN >> <http://www.howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53 >> Nov 9 15:48:02 darkstar named[17913]: error (insecurity proof failed) >> resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN >> <http://www.howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53 >> >> I have 2 servers configured in the forwarders section of named.conf >> >> forwarders { 68.2.16.30; 168.158.8.15; }; >> >> It only complains about the second one. >> >> I found Bug 577639 which seems related, but it's marked closed notabug. >> >> So if it's not a bug why am I seeing these errors and how do I go about >> resolving them? >> >> Is this a configuration issue on my side, or is this an issue with my ISP? >> >> The file "/etc/named.iscdlv.key" contains the correct key. >> >> Any assistance is appreciated. > > Did you test if it is not related to selinux? > > > - -- > François Patte > UFR de mathématiques et informatique > Université Paris Descartes > 45, rue des Saints Pères > F-75270 Paris Cedex 06 > Tél. +33 (0)1 8394 5849 > http://www.math-info.univ-paris5.fr/~patte > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkzaRhoACgkQdE6C2dhV2JVEoACfTxAXzHh2IQv6IkkyHTFptPzi > 5lcAnjXuCgQ1bRJTkH12+CnWddFxlw+L > =RWDS > -----END PGP SIGNATURE----- I don't believe it has anything to do with SElinux since the errors only show up for one of the 2 DNS servers I have listed in the forwarders entry. Also I don't get any SElinux alert messages. Paolo -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
