Hello everybody. My DNS server (bind-9.7.3-2.el6_1.P3.3.x86_64 running on SL 6.1) stopped resolving ftp.scientificlinux.org, ftp1.scientificlinux.org and such! In logs it writes about probing every parent dns server in config and then finally gives up.
$ host ftp.scientificlinux.org Host ftp.scientificlinux.org not found: 3(NXDOMAIN) in logs: Dec 5 19:13:49 lime named[2109]: validating @0x7f719007dfe0: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:49 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53 Dec 5 19:13:49 lime named[2109]: validating @0x7f7194018900: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:49 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53 Dec 5 19:13:49 lime named[2109]: validating @0x7f7188067920: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:49 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53 Dec 5 19:13:49 lime named[2109]: validating @0x7f71900ab2b0: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:49 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53 Dec 5 19:13:49 lime named[2109]: validating @0x7f719007dfe0: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:49 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.124.252.22#53 Dec 5 19:13:49 lime named[2109]: validating @0x7f7194018900: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:49 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:910:1::2#53 Dec 5 19:13:50 lime named[2109]: validating @0x7f7198603180: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:50 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53 Dec 5 19:13:50 lime named[2109]: validating @0x7f71900ba5f0: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:50 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53 Dec 5 19:13:50 lime named[2109]: validating @0x7f7194018900: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:50 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.129.252.34#53 Dec 5 19:13:50 lime named[2109]: validating @0x7f719862a1a0: fnal.gov DNSKEY: no valid signature found (DS) Dec 5 19:13:50 lime named[2109]: error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:14:2::10#53 Dec 5 19:13:50 lime named[2109]: error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53 I tried restarting it, didn't help. Is something broken on my side or SL side? Looks like my DNS server resolves other names, including DNSSEC-secured ones. -- Vladimir