BIND DNSSEC-Validation issue sceggs.nsw.edu.au
Neil
neil20 at iprimus.com.au
Tue Sep 13 05:12:23 UTC 2011
Hi BIND Users
I am currently trialing Bind v9.8.1 and have come across a issue with 1 particular domain.
For some reason when I query the below domain on bind resolver-cache nothing gets returned.?
dig @<server> sceggs.nsw.edu.au ns
The debug logs show
13-Sep-2011 10:11:27.272 query-errors: debug 1: client 203.134.1.70#10309: view host_resolver_trusted: query failed (SERVFAIL) for sceggs.nsw.edu.au/IN/NS at query.c:6195
13-Sep-2011 10:11:27.272 query-errors: debug 2: fetch completed at resolver.c:3160 for sceggs.nsw.edu.au/NS in 30.000122: timed out/success [domain:sceggs.nsw.edu.au,referral:0,restart:7,qrysent:7,timeout:6,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
named.conf has the below settings for dnssec
dnssec-enable yes;
dnssec-validation auto;
Even with the below and managed-keys still does not work
dnssec-enable yes;
dnssec-validation yes;
The only way a result is given is to turn off dnssec-validation then it works!
"dnssec-validation no;"
Only then a result is given for the query. The domain is in the AU space which is not
currently signed. So I don't know why this would affect sec-validation and the queried domain?
Also noticed its happening in 9.7.2-P3
Any ideas why this is happening and how to fix it without loosing dnssec-validation?
Does anyone else have the same issue with the above scenario?
Thanks
Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110913/5fd32374/attachment.html>
More information about the bind-users
mailing list