named validating @0x...: ... SOA: no valid signature found

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 20 15:14:21 UTC 2012


On 20/07/12 15:33, Brian J. Murrell wrote:
> On 12-07-20 09:11 AM, Phil Mayers wrote:
>>
>> Or, what happens if you start bind up in debug mode and run the query?
>> There will be a lot of output, but I've found most problems to be fairly
>> obvious if you read through it.
>
> Yeah, there is a lot of output.  Too big of a haystack for me to find
> the needle I'm afraid.  I probably had way too much debug enabled.  I'd
> be happy to trim it back if desired.  Just tell me which categories
> you'd want to see and what severity to set.
>
> In any case, the log is at
> http://brian.interlinx.bc.ca/119.in-addr.arpa.debug and the query I did was:
>


A quick skim suggests that you aren't able to validate the root, but are 
able to validate DLV, which is why a subset of sites are working - those 
still with DLV entries.

If you can validate www.ic.ac.uk but not www.cam.ac.uk (who have now 
left DLV) then this might confirm it.

No idea why the root isn't valid for you, given you are running a recent 
bind - presumably the managed-keys config is messed up somehow.

Have you tried a clean install; blow away the entire /var/named and 
config hierarchy and start again?



More information about the bind-users mailing list