named validating @0x...: ... SOA: no valid signature found
marka at isc.org
Fri Jul 20 15:40:33 UTC 2012
In message <500978A5.4070109 at imperial.ac.uk>, Phil Mayers writes:
> On 20/07/12 16:21, Mark Andrews wrote:
> > In message <50096C2B.1080806 at interlinx.bc.ca>, "Brian J. Murrell" writes:
> >> Just for good measure, since I think I have posted this before, but here
> >> are the options I have set in my bind configuration with regard to dnssec=
> >> :
> >> dnssec-enable yes;
> >> dnssec-validation yes;
> >> dnssec-lookaside auto;
> FWIW, on 9.8 the only other line we have (for reasons of permissions) is:
> managed-keys-directory "/var/named/data/dynamic";
> I don't see why those 3 lines aren't sufficient for him?
> > Turn on validation using the root's DNSKEY.
> > auto-dnssec maintian;
> I thought that was for master zones, not recursion/validation? Or am I
> missing something?
My bad. "dnssec-validation auto;" is what I was thinking about.
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users