dnssec validation, managed keys, and chaos view

Evan Hunt each at isc.org
Mon Feb 28 05:20:44 UTC 2011

> if i comment out dnssec-lookaside, or the chaos view, things seem to work
> ok.  i'm wondering what i can do to further diagnose what is happening.
> below is my configuration, with the (presumably) uninteresting bits
> removed.  i'm using 9.7.1, courtesy of ubuntu 10.10.

Try putting "dnssec-lookaside auto;" into all the non-chaos view
stanzas separately, and leaving it out of the chaos one.

In order for DLV to work, you server needs to be able to reach dlv.isc.org,
which isn't possible in a class-CH view.  The core dump is a particularly
pathological failure mode, but even if we fix that, the configuration
you're using still wouldn't work right.

I think named should reject or warn-and-ignore when it encounters 
managed-keys or dnssec-lookaside statements in non-IN views.  It hadn't
occurred to me to have it check for that; thanks!

Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list