Single nameserver doesn't show signed SOA-RRs
Mark Andrews
marka at isc.org
Thu Jun 30 00:39:51 UTC 2011
Contact the adminstrator of the server and request that they stop
disabling dnssec. "dnssec-enable yes;" is the default for all
version except 9.3.x.
% grep dnssec-enable 9.?.x/bin/named/config.c
9.3.x/bin/named/config.c: dnssec-enable no; /* Make yes for 9.4. */ \n\
9.4.x/bin/named/config.c: dnssec-enable yes;\n\
9.5.x/bin/named/config.c: dnssec-enable yes;\n\
9.6.x/bin/named/config.c: dnssec-enable yes;\n\
9.7.x/bin/named/config.c: dnssec-enable yes;\n\
9.8.x/bin/named/config.c: dnssec-enable yes;\n\
%
Mark
In message <4E0BB211.2030000 at provocation.net>, Zenon Panoussis writes:
>
> On 06/29/2011 10:57 PM, Stefan Foerster wrote:
>
> > ...it complains that ns3.wars-nicht.de doesn't have a
> > signed SOA.
>
> It complains that the SOA of wars-nicht.de itself is not signed, or that
> ns3.wars-nicht.de does not have a signed SOA for billigmail.org and
> incertum.net?
>
> > I already tried increasing the serial for those zones to retransfer them,
> > but the error seems to persist.
>
> Check whether the zone transfer actually took place. Even if you increase
> the serial and send notifies, there could be a misconfiguration somewhere
> preventing the notifies from getting through or the tranfer from taking
> place.
>
> Looking at them now, all three seem to have the same serial, 2011062902
> for both domains.
>
> Z
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list