Querying directly a nameserver works, while forwarding not
stenc at s-carlsen.dk
Wed Dec 5 22:07:57 UTC 2012
On 05/12/12 18:29, Hauke Lampe wrote:
> On 05.12.2012 14:59, Daniele Imbrogino wrote:
>> resolv.conf contains only 127.0.0.1 as nameserver.
>> The syslog contains a lot of errors as "insecurity proof failed", "no
>> RRSIG", "got insecure response" that I don't understand.
> Your forwarder probably doesn't handle DNSSEC responses well.
> Therefore your BIND cannot validate the answers and returns a failure
> Either update the forwarder/enable DNSSEC (older versions of BIND 9
> require "dnssec-enable yes;" in the options clause), or disable DNSSEC
> validation in your local BIND (set "dnssec-validation no;").
Or consider not doing forwarding, that usually gives fewer problems if
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users