named validating @0x...: ... SOA: no valid signature found

Phil Mayers p.mayers at
Fri Jul 20 15:26:29 UTC 2012

On 20/07/12 16:21, Mark Andrews wrote:
> In message <50096C2B.1080806 at>, "Brian J. Murrell" writes:
>> Just for good measure, since I think I have posted this before, but here
>> are the options I have set in my bind configuration with regard to dnssec=
>> :
>>          dnssec-enable yes;
>>          dnssec-validation yes;
>>          dnssec-lookaside auto;

FWIW, on 9.8 the only other line we have (for reasons of permissions) is:

   managed-keys-directory "/var/named/data/dynamic";

I don't see why those 3 lines aren't sufficient for him?

> Turn on validation using the root's DNSKEY.
> 	auto-dnssec maintian;

I thought that was for master zones, not recursion/validation? Or am I 
missing something?

More information about the bind-users mailing list