As suggested... r...@localhost:~/ uname -a Linux localhost.localdomain 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
> Here is a hint of what is in the info and debug log... > > ** info ** > 23-Oct-2009 16:47:23.543 general: error: socket.c:4922: > unexpected error: > 23-Oct-2009 16:47:23.543 general: error: 22/Invalid > argument > 23-Oct-2009 16:47:25.249 general: error: socket.c:4922: > unexpected error: > 23-Oct-2009 16:47:25.249 general: error: 22/Invalid > argument > 23-Oct-2009 16:47:27.064 general: error: socket.c:4922: > unexpected error: > 23-Oct-2009 16:47:27.064 general: error: 22/Invalid > argument > 23-Oct-2009 16:47:28.785 general: error: socket.c:4922: > unexpected error: > 23-Oct-2009 16:47:28.785 general: error: 22/Invalid > argument > > ** debug ** > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): start > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): try > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): cancelqueries > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): getaddresses > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): query > 23-Oct-2009 16:47:27.064 resolver: debug 3: resquery > 0x2aaaab2f4010 (fctx 0x2aaaab2ed010(123xyz.TLD/ANY)): send > 23-Oct-2009 16:47:27.064 general: error: socket.c:4922: > unexpected error: > 23-Oct-2009 16:47:27.064 general: error: 22/Invalid > argument > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): done > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): stopeverything > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): cancelqueries > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): sendevents > 23-Oct-2009 16:47:27.064 query-errors: debug 1: client > 10.10.10.10#40629: query failed (SERVFAIL) for > 123xyz.TLD/IN/ANY at query.c:4619 > 23-Oct-2009 16:47:27.064 client: debug 3: client > 10.10.10.10#40629: error > 23-Oct-2009 16:47:27.064 client: debug 3: client > 10.10.10.10#40629: send > 23-Oct-2009 16:47:27.064 client: debug 3: client > 10.10.10.10#40629: sendto > 23-Oct-2009 16:47:27.064 client: debug 3: client > 10.10.10.10#40629: senddone > 23-Oct-2009 16:47:27.064 client: debug 3: client > 10.10.10.10#40629: next > 23-Oct-2009 16:47:27.064 client: debug 3: client > 10.10.10.10#40629: endrequest > 23-Oct-2009 16:47:27.064 query-errors: debug 2: fetch > completed at resolver.c:3015 for 123xyz.TLD/ANY in 0.000527: > unexpected error/success > [domain:.,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] > 23-Oct-2009 16:47:27.064 resolver: debug 3: fetch > 0x2b8f4e85c830 (fctx 0x2aaaab2ed010(123xyz.TLD/ANY)): > destroyfetch > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): shutdown > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): doshutdown > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): stopeverything > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): cancelqueries > 23-Oct-2009 16:47:27.064 resolver: debug 3: fctx > 0x2aaaab2ed010(123xyz.TLD/ANY'): destroy > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: UDP request > 23-Oct-2009 16:47:27.078 security: debug 3: client > 10.10.10.10#38984: request is not signed > 23-Oct-2009 16:47:27.078 security: debug 3: client > 10.10.10.10#38984: recursion available > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: query > 23-Oct-2009 16:47:27.078 security: debug 3: client > 10.10.10.10#38984: query (cache) 'TLD/DNSKEY/IN' approved > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: send > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: sendto > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: senddone > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: next > 23-Oct-2009 16:47:27.078 client: debug 3: client > 10.10.10.10#38984: endrequest > 23-Oct-2009 16:47:27.078 client: debug 3: client @0xc49c30: > udprecv > 23-Oct-2009 16:47:28.784 client: debug 3: client > 10.10.10.10#50188: UDP request > 23-Oct-2009 16:47:28.784 security: debug 3: client > 10.10.10.10#50188: request is not signed > 23-Oct-2009 16:47:28.784 security: debug 3: client > 10.10.10.10#50188: recursion available > 23-Oct-2009 16:47:28.784 client: debug 3: client > 10.10.10.10#50188: query > 23-Oct-2009 16:47:28.784 security: debug 3: client > 10.10.10.10#50188: query (cache) 'www.123xyz.TLD/ANY/IN' > approved > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: replace > 23-Oct-2009 16:47:28.785 general: debug 3: clientmgr > @0x2b8f4e86a3b8: createclients > 23-Oct-2009 16:47:28.785 general: debug 3: clientmgr > @0x2b8f4e86a3b8: recycle > 23-Oct-2009 16:47:28.785 resolver: debug 1: createfetch: > www.123xyz.TLD ANY > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): create > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): join > 23-Oct-2009 16:47:28.785 resolver: debug 3: fetch > 0x2b8f4e85c830 (fctx 0x2aaaab167010(www.123xyz.TLD/ANY)): > created > 23-Oct-2009 16:47:28.785 client: debug 3: client @0xd50050: > udprecv > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): start > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): try > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): cancelqueries > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): getaddresses > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): query > 23-Oct-2009 16:47:28.785 resolver: debug 3: resquery > 0x2aaaab16e010 (fctx 0x2aaaab167010(www.123xyz.TLD/ANY)): > send > 23-Oct-2009 16:47:28.785 general: error: socket.c:4922: > unexpected error: > 23-Oct-2009 16:47:28.785 general: error: 22/Invalid > argument > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): done > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): stopeverything > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): cancelqueries > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): sendevents > 23-Oct-2009 16:47:28.785 query-errors: debug 1: client > 10.10.10.10#50188: query failed (SERVFAIL) for > www.123xyz.TLD/IN/ANY at query.c:4619 > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: error > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: send > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: sendto > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: senddone > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: next > 23-Oct-2009 16:47:28.785 client: debug 3: client > 10.10.10.10#50188: endrequest > 23-Oct-2009 16:47:28.785 query-errors: debug 2: fetch > completed at resolver.c:3015 for www.123xyz.TLD/ANY in > 0.000483: unexpected error/success > [domain:.,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] > 23-Oct-2009 16:47:28.785 resolver: debug 3: fetch > 0x2b8f4e85c830 (fctx 0x2aaaab167010(www.123xyz.TLD/ANY)): > destroyfetch > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): shutdown > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): doshutdown > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): stopeverything > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): cancelqueries > 23-Oct-2009 16:47:28.785 resolver: debug 3: fctx > 0x2aaaab167010(www.123xyz.TLD/ANY'): destroy > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: UDP request > 23-Oct-2009 16:47:28.802 security: debug 3: client > 10.10.10.10#56597: request is not signed > 23-Oct-2009 16:47:28.802 security: debug 3: client > 10.10.10.10#56597: recursion available > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: query > 23-Oct-2009 16:47:28.802 security: debug 3: client > 10.10.10.10#56597: query (cache) 'TLD/DNSKEY/IN' approved > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: send > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: sendto > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: senddone > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: next > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: endrequest > 23-Oct-2009 16:47:28.802 client: debug 3: client @0xd25b00: > udprecv > > > > > --- On Fri, 10/23/09, Alexa Petrean <apetr...@bluecatnetworks.com> > wrote: > > > From: Alexa Petrean <apetr...@bluecatnetworks.com> > > Subject: RE: dnssec enabled recursive server > > To: "Pamela Rock" <prock...@yahoo.com> > > Date: Friday, October 23, 2009, 4:12 PM > > I suppose you flushed the cache on > > the resolver too (rndc flush). If not, you might need > to do > > it. > > Btw: any error message in the syslog file? It might > be > > helpful to enable DNSSEC logging too, for debugging > > purposes. > > > > -----Original Message----- > > From: Pamela Rock [mailto:prock...@yahoo.com] > > > > Sent: Friday, October 23, 2009 4:05 PM > > To: Alexa Petrean > > Subject: RE: dnssec enabled recursive server > > > > Yes. This is in my named.conf file. > > > > trusted-keys { > > "TLD." 257 3 7 "AwE..."; > > > > > > > > --- On Fri, 10/23/09, Alexa Petrean <apetr...@bluecatnetworks.com> > > wrote: > > > > > From: Alexa Petrean <apetr...@bluecatnetworks.com> > > > Subject: RE: dnssec enabled recursive server > > > To: bind-us...@isc.org > > > Date: Friday, October 23, 2009, 3:59 PM > > > Have you configured the trusted > > > anchor for the signed TLD on your > > > recursive server? > > > > > > -----Original Message----- > > > From: bind-users-boun...@lists.isc.org > > > [mailto:bind-users-boun...@lists.isc.org] > > > On Behalf Of Pamela Rock > > > Sent: Friday, October 23, 2009 3:07 PM > > > To: bind-us...@isc.org > > > Subject: dnssec enabled recursive server > > > > > > This environment is in a lab. > > > > > > I have a DNSSEC enabled server with a signed > .TLD > > zone > > > (again, in a > > > lab). I have a client that can accurately run > > queries > > > against the > > > signed .TLD zone. > > > > > > So this works... > > > > > > DNSSEC Enabled Client => DNSSEC Enabled > > > .TLD > > > > > > I'm trying to put a recursive BIND 9.6.1-P1 > server > > between > > > .TLD and the > > > client. > > > > > > DNSSEC Enabled Client => Recursive BIND > > > => DNSSEC Enabled .TLD > > > > > > I setup the cache file on the recursive BIND to > point > > all > > > root servers > > > to the DNSSEC Enabled .TLD. I enabled > dnssec-enable > > > and > > > dnssec-validation in the named.conf. I pulled > the > > > keys from DNSSEC > > > Enabled .TLD using dig +dnssec com > @test.server.TLD > > and put > > > them in the > > > named.conf. Yet my recursive DNSSEC 9.6.1 > server > > does > > > not answer DNSSEC > > > queries from the client. > > > > > > Any hints or clues to how to make the recursive > DNSSEC > > work > > > would be > > > appreciated. Thanks in advanced. > > > > > > > > > > > > _______________________________________________ > > > bind-users mailing list > > > bind-users@lists.isc.org > > > https://lists.isc.org/mailman/listinfo/bind-users > > > _______________________________________________ > > > bind-users mailing list > > > bind-users@lists.isc.org > > > https://lists.isc.org/mailman/listinfo/bind-users > > > > > > > > > > > > > > > _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users