named validating @0x...: ... SOA: no valid signature found
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jul 20 15:14:21 UTC 2012
On 20/07/12 15:33, Brian J. Murrell wrote:
> On 12-07-20 09:11 AM, Phil Mayers wrote:
>>
>> Or, what happens if you start bind up in debug mode and run the query?
>> There will be a lot of output, but I've found most problems to be fairly
>> obvious if you read through it.
>
> Yeah, there is a lot of output. Too big of a haystack for me to find
> the needle I'm afraid. I probably had way too much debug enabled. I'd
> be happy to trim it back if desired. Just tell me which categories
> you'd want to see and what severity to set.
>
> In any case, the log is at
> http://brian.interlinx.bc.ca/119.in-addr.arpa.debug and the query I did was:
>
A quick skim suggests that you aren't able to validate the root, but are
able to validate DLV, which is why a subset of sites are working - those
still with DLV entries.
If you can validate www.ic.ac.uk but not www.cam.ac.uk (who have now
left DLV) then this might confirm it.
No idea why the root isn't valid for you, given you are running a recent
bind - presumably the managed-keys config is messed up somehow.
Have you tried a clean install; blow away the entire /var/named and
config hierarchy and start again?
More information about the bind-users
mailing list