named validating @0x...: ... SOA: no valid signature found
Mark Andrews
marka at isc.org
Fri Jul 20 15:40:33 UTC 2012
In message <500978A5.4070109 at imperial.ac.uk>, Phil Mayers writes:
> On 20/07/12 16:21, Mark Andrews wrote:
> >
> > In message <50096C2B.1080806 at interlinx.bc.ca>, "Brian J. Murrell" writes:
> >> Just for good measure, since I think I have posted this before, but here
> >> are the options I have set in my bind configuration with regard to dnssec=
> >> :
> >>
> >> dnssec-enable yes;
> >> dnssec-validation yes;
> >> dnssec-lookaside auto;
>
> FWIW, on 9.8 the only other line we have (for reasons of permissions) is:
>
> managed-keys-directory "/var/named/data/dynamic";
>
> I don't see why those 3 lines aren't sufficient for him?
>
> >
> > Turn on validation using the root's DNSKEY.
> >
> > auto-dnssec maintian;
>
> I thought that was for master zones, not recursion/validation? Or am I
> missing something?
My bad. "dnssec-validation auto;" is what I was thinking about.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list