Single nameserver doesn't show signed SOA-RRs

Stefan Foerster cite at
Wed Jun 29 20:57:17 UTC 2011

Hello world,

I'm having a problem with a single authoritative server that seems to
not receive a signed zone.

I used to check the zones and and it complains that doesn't have a
signed SOA. I already tried increasing the serial for those zones to
retransfer them, but the error seems to persist.

The affected nameserver is a Debian/lenny running 9.6.ESV.R4, the two
other nameservers are Debian/squeeze running 9.7.3.

On the affected nameserver, the only configuration with regards to
DNSSEC was to add "dnssec-enable yes;" to the named configuration file
(and restart it afterwards).

Can anyone enlighten me on what I'm doing wrong here? I'd like to iron
out this before I submit my keys to my registrar.


More information about the bind-users mailing list