On 2019-09-17 13:01, John Covici wrote: > > > Also, when I restart named (which I have now done automatically by > > > systemd) it gives me a lot of errors like the following: > > > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no > > > valid signature found > > > or this: > > > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no > > > valid signature found > > > > This looks like a DNSSEC problem. I don't run bind on my gentoo system, > > but I did this:
> > [snipped] > > Try running "ldd /usr/sbin/named". Is openssl (ie. libssl and > > libcrypto) part of the output? > libcrypto is there along with libgnutls, but no libssl. Ok, so it probably is built with DNSSEC support. How do you populate your cache? Do you recurse to the root servers, or do you have a "forwarder" (for example, your ISP server) to which you pass all queries that miss the cache? -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
