-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/10/2010 10:28 AM, Paolo Galtieri wrote: > On 11/10/10 00:13, François Patte wrote: > Le 10/11/2010 00:14, Paolo Galtieri a écrit : >>>> I had configured a local DNS server under F12 and everything was working >>>> fine. I upgraded the system to F13 and >>>> setup DNS again. Now I see the following errors. >>>> >>>> Nov 9 15:46:28 darkstar named[17913]: validating @0xb4e48968: >>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >>>> indicates it should be secure >>>> Nov 9 15:46:28 darkstar named[17913]: error (insecurity proof failed) >>>> resolving 'dlv.isc.org/DLV/IN<http://dlv.isc.org/DLV/IN>': 168.158.8.15#53 >>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb49766e8: >>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >>>> indicates it should be secure >>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4977160: >>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >>>> indicates it should be secure >>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4977bd8: >>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >>>> indicates it should be secure >>>> Nov 9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving >>>> 'howtoforge.com.dlv.isc.org/DS/IN >>>> <http://howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53 >>>> Nov 9 15:48:02 darkstar named[17913]: error (insecurity proof failed) >>>> resolving 'howtoforge.com.dlv.isc.org/DLV/IN >>>> <http://howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53 >>>> Nov 9 15:48:02 darkstar named[17913]: validating @0xb4724d60: >>>> dlv.isc.org<http://dlv.isc.org> SOA: got insecure response; parent >>>> indicates it should be secure >>>> Nov 9 15:48:02 darkstar named[17913]: error (no valid RRSIG) resolving >>>> 'www.howtoforge.com.dlv.isc.org/DS/IN >>>> <http://www.howtoforge.com.dlv.isc.org/DS/IN>': 168.158.8.15#53 >>>> Nov 9 15:48:02 darkstar named[17913]: error (insecurity proof failed) >>>> resolving 'www.howtoforge.com.dlv.isc.org/DLV/IN >>>> <http://www.howtoforge.com.dlv.isc.org/DLV/IN>': 168.158.8.15#53 >>>> >>>> I have 2 servers configured in the forwarders section of named.conf >>>> >>>> forwarders { 68.2.16.30; 168.158.8.15; }; >>>> >>>> It only complains about the second one. >>>> >>>> I found Bug 577639 which seems related, but it's marked closed notabug. >>>> >>>> So if it's not a bug why am I seeing these errors and how do I go about >>>> resolving them? >>>> >>>> Is this a configuration issue on my side, or is this an issue with my ISP? >>>> >>>> The file "/etc/named.iscdlv.key" contains the correct key. >>>> >>>> Any assistance is appreciated. > > Did you test if it is not related to selinux? > > > I don't believe it has anything to do with SElinux since the errors only > show up for one of the 2 DNS servers I have listed in the forwarders > entry. Also I don't get any SElinux alert messages. > Paolo May we see your /etc/named.conf file please? I am wondering if you have an old /etc/named.conf file. Please look for /etc/named.conf.rpmnew, and if it's there, please compare the two files, save your current /etc/named.conf, and mv /etc/named.conf.rpmnew /etc/named.conf When I do, [root@rsewill ~]# service named start Starting named: [ OK ] followed by [root@rsewill ~]# host -a energy.gov localhost <Too much stuff got printed to reproduce here without reason> <Output looks reasonable> I do not have bind-chroot installed. Are you using bind-chroot? For this test, I am using [root@rsewill ~]# rpm -q bind bind-9.7.1-2.P2.fc13.x86_64 What version of bind are you using please? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkza40YACgkQyc8Kn0p/AZRDHQCglJg1SNUT0qN/PAWKyE1+CDHJ VbQAn1ueb1AKs4SUXIj2iZi3CJapPrdP =yyT5 -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
