named validating @0x...: ... SOA: no valid signature found

Brian J. Murrell brian at
Fri Jul 20 14:33:15 UTC 2012

On 12-07-20 09:11 AM, Phil Mayers wrote:
> Or, what happens if you start bind up in debug mode and run the query?
> There will be a lot of output, but I've found most problems to be fairly
> obvious if you read through it.

Yeah, there is a lot of output.  Too big of a haystack for me to find
the needle I'm afraid.  I probably had way too much debug enabled.  I'd
be happy to trim it back if desired.  Just tell me which categories
you'd want to see and what severity to set.

In any case, the log is at and the query I did was:

dig +dnssec @localhost SOA

The log should be as brief as it can be as I started named, did the
query and waited for the response and then stopped bind.

Just for good measure, since I think I have posted this before, but here
are the options I have set in my bind configuration with regard to dnssec:

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list