Querying directly a nameserver works, while forwarding not
Sten Carlsen
stenc at s-carlsen.dk
Wed Dec 5 22:07:57 UTC 2012
On 05/12/12 18:29, Hauke Lampe wrote:
> On 05.12.2012 14:59, Daniele Imbrogino wrote:
>
>> resolv.conf contains only 127.0.0.1 as nameserver.
>>
>> The syslog contains a lot of errors as "insecurity proof failed", "no valid
>> RRSIG", "got insecure response" that I don't understand.
>
> Your forwarder probably doesn't handle DNSSEC responses well.
> Therefore your BIND cannot validate the answers and returns a failure
> code.
>
> Either update the forwarder/enable DNSSEC (older versions of BIND 9
> require "dnssec-enable yes;" in the options clause), or disable DNSSEC
> validation in your local BIND (set "dnssec-validation no;").
Or consider not doing forwarding, that usually gives fewer problems if
possible.
>
>
>
> Hauke
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
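
Added example, not part of the original messages and not code from BIND: a small syslog triage that counts the three DNSSEC errors quoted in the thread per upstream server, to confirm whether the failures all come from the configured forwarder. The log line layout, the sample lines and the forwarder address 192.0.2.53 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# The three messages quoted in the thread.
DNSSEC_ERRORS = ("insecurity proof failed", "no valid RRSIG", "got insecure response")

# Assumed layout of named's resolver error line:
#   error (<reason>) resolving '<name>/<type>/<class>': <server>#<port>
RESOLVE_RE = re.compile(
    r"error \((?P<reason>[^)]+)\) resolving '(?P<qname>[^']+)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#\d+"
)

def tally_dnssec_failures(lines):
    """Return ({server: Counter(reason)}, number of DNSSEC lines naming no server)."""
    per_server = defaultdict(Counter)
    unattributed = 0
    for line in lines:
        m = RESOLVE_RE.search(line)
        if m and m.group("reason") in DNSSEC_ERRORS:
            per_server[m.group("server")][m.group("reason")] += 1
        elif any(err in line for err in DNSSEC_ERRORS):
            unattributed += 1  # validator lines carry no server address
    return dict(per_server), unattributed

def suspect_forwarders(per_server, forwarders):
    """Configured forwarders that produced DNSSEC failures, worst first."""
    hits = {s: sum(c.values()) for s, c in per_server.items() if s in forwarders}
    return sorted(hits, key=hits.get, reverse=True)

# Constructed sample lines; 192.0.2.53 stands in for the forwarder.
SAMPLE = [
    "Dec  5 14:50:01 host named[2211]: validating @0x7f1c2c0: example.org A: got insecure response; parent indicates it should be secure",
    "Dec  5 14:50:01 host named[2211]: error (no valid RRSIG) resolving 'example.org/A/IN': 192.0.2.53#53",
    "Dec  5 14:50:02 host named[2211]: error (insecurity proof failed) resolving 'example.net/DS/IN': 192.0.2.53#53",
    "Dec  5 14:50:03 host named[2211]: error (no valid RRSIG) resolving 'example.org/DNSKEY/IN': 192.0.2.53#53",
    "Dec  5 14:50:04 host named[2211]: error (connection refused) resolving 'example.com/A/IN': 198.51.100.7#53",
]

if __name__ == "__main__":
    per_server, loose = tally_dnssec_failures(SAMPLE)
    for server in suspect_forwarders(per_server, {"192.0.2.53"}):
        print(server, dict(per_server[server]))
    print("validator lines without a server address:", loose)
```

If every DNSSEC failure is attributed to the forwarder and none to other servers, that supports the diagnosis given in the thread.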