named validating @0x...: ... SOA: no valid signature found
Brian J. Murrell
brian at interlinx.bc.ca
Sat Jul 21 14:38:26 UTC 2012
On 12-07-20 07:16 PM, Mark Andrews wrote:
>
> "dnssec-validation auto;"
Well, this seems to have done the trick. Changing it from yes to auto
has eliminated most (almost all in fact) of the validation
warnings/errors I was getting in my logs.
> tells named to use the compiled
> in root key in addition to enabling validation.
Ahhhh. So "yes" just enables validation but doesn't use any compiled in
root key? If so, this is an annoying (all due respect) and small but
important distinction.
I'm not sure about anyone else, but a yes/no/auto selector to me means
either an explicit yes or explicit no with auto meaning some kind of "do
what you think is right" in terms of making it yes or no. I don't
typically think of it as no or yes plus some additional functionality.
Anyway, you have my since appreciation for persevering with me in my
efforts to figure this out.
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120721/88106728/attachment.bin>
More information about the bind-users
mailing list