[Freeipa-users] dns zone forward - no valid signature found
lejeczek
peljasz at yahoo.co.uk
Wed Jul 6 14:37:55 UTC 2016
hi everybody
I think this was working some time ago, but for while
queries IPA's DNS forwards wound up like this:
validating @0x7f85dc00f9a0: swir.my.dom A: no valid
signature found
validating @0x7f85dc00f9a0: swir.my.dom A: bad cache hit
(swir.my.dom/DS)
error (broken trust chain) resolving 'swir.my.dom/A/IN':
192.168.2.100#53
dig at IPA DNS and nothing, logs:
validating @0x7f85e0134880: my.dom SOA: no valid
signature found
validating @0x7f85e0134880: my.dom NSEC: no valid
signature found
validating @0x7f85e0134880: swir.my.dom NSEC: no valid
signature found
validating @0x7f85e0134880: swir.my.dom NSEC: bad cache
hit (swir.my.dom/DS)
I dig +dnssec directly at the receiving server and result
seems normal, no errors.
IPA's dns is not dnsseced, is this the root of the problem?
Or what else might be?
bw.
L
More information about the Freeipa-users
mailing list