F12 Bind and Dnssec
Ed Gurski
ed at gurski.com
Wed Nov 25 15:21:40 UTC 2009
Date: Tue, 24 Nov 2009 08:22:21 -0800
> From: wolfgang.rupprecht at gmail.com (Wolfgang S. Rupprecht)
> Subject: Re: F12 Bind and Dnssec
> To: <fedora-list at redhat.com>
> Message-ID: <87ljhvgaf6.fsf at arbol.wsrcc.com>
> Content-Type: text/plain; charset=us-ascii
>
>
> Ed Gurski <ed at gurski.com> writes:
> > I noticed that early this morning, changed it and still had the same
> > problem. I'm wondering if SELinux is getting in the way?
>
> It is still saying "expected IP address near 'dnssec-enable'"? This is
> after a "service dns restart"? You are really editing /etc/named.conf
> and there isn't a typo somewhere?
>
> That doesn't feel like an selinux issue at all. It seems like the BIND
> parser thinks you are giving it the dnssec-enable in the context where
> it was expecting an address.
>
> I wonder if "named-checkconf" will tell you anything useful.
>
> -wolfgang
Wolfgang:
Found the problem. It wasn't anything I waas looking at. Instead it was
the file /etc/pki/dnssec-keys/named.dnssec.keys file that was corrupted?
Not sure how that happened, but I installed Bind on another F12 machine
with the same configuration (except the DNS server was the new machine)
and everything worked. I then noticed that the named.dnssec.key file
size was different, so I copied it over and now it's working properly.
I still get no valid DS resolving xxxxxx, so I'm not sure what else I
need to do...
thanks again and sorry for the late reply...
--
Ed Gurski
Linux User
# 458454 http://counter.li.org
On Tue, 2009-11-24 at 12:00 -0500, fedora-list-request at redhat.com wrote:
More information about the fedora-list
mailing list