Bind failures following update/reboot w/ 9.18.1
Philip Prindeville
philipp_subx at redfish-solutions.com
Fri May 13 16:06:44 UTC 2022
After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started seeing a lot of:
May 12 19:24:06 OpenWrt named[11061]: validating ./NS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: validating net/DS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: no valid RRSIG resolving './NS/IN': 192.203.230.10#53
May 12 19:24:06 OpenWrt named[11061]: no valid RRSIG resolving 'net/DS/IN': 8.8.4.4#53
May 12 19:24:06 OpenWrt named[11061]: validating com/DS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: no valid RRSIG resolving 'com/DS/IN': 8.8.4.4#53
May 12 19:24:06 OpenWrt named[11061]: validating net/DS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: no valid RRSIG resolving 'net/DS/IN': 66.232.64.10#53
May 12 19:24:06 OpenWrt named[11061]: validating com/DS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: no valid RRSIG resolving 'com/DS/IN': 66.232.64.10#53
In my options, I had:
dnssec-validation auto;
But had to turn this off. It had been working. This is a production firewall/router.
What troubleshooting should I do to fix this?
I had tried:
rndc managed-keys refresh
rndc managed-keys sync
But don't understand why that would have been necessary unless the root keys got updated recently.
Scrolling to the very top of the logs I see:
May 12 19:24:04 OpenWrt named[11061]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Thanks,
-Philip
More information about the bind-users
mailing list