named stops resolving anything -- dnssec issue
Jonathan Kamens
jik at kamens.brookline.ma.us
Sun Apr 5 05:04:41 UTC 2009
At around 8:45pm Saturday night (US/Eastern) named suddenly stopped
being able to resolve anything. It had been running for over two days
when this started happening, and nothing changed in the config files to
provoke it.
It started logging messages like this when the failures started:
Apr 4 20:45:03 jik2 named[2122]: no valid KEY resolving
'dlv.isc.org/DNSKEY/IN': 199.6.0.30#53
Apr 4 20:45:05 jik2 named[2122]: validating @0xb4c0acb0:
com.dlv.isc.org DS: must be secure failure
Apr 4 20:45:06 jik2 named[2122]: must-be-secure resolving
'com.dlv.isc.org/DS/IN': 199.6.1.30#53
Apr 4 20:45:06 jik2 named[2122]: no valid DS resolving
'feedburner.com.dlv.isc.org/DLV/IN': 149.20.64.3#53
(These are excerpts, not continuous spans of log entries, but you get
the idea.)
I commented out the dnssec settings that had been added to my named.conf
by a recent update and restarted named, and everything started working
again.
I have bind-9.6.1-0.1.b1.fc11.
jik
More information about the fedora-test-list
mailing list