named validating @0x...: ... SOA: no valid signature found

Brian J. Murrell brian at interlinx.bc.ca
Tue May 15 12:22:57 UTC 2012


On 12-05-02 09:29 AM, Mark Andrews wrote:
>  
> * a firewall blocking EDNS queries.
> * using a non DNSSEC enabled forwarder so you don't get signatures.
> * a firewall blocking fragmented UDP and named falling back to
>   plain DNS.
> * other packet loss causing named to fallback to plain DNS.

Given that I have confirmed EDNS works with:

	dig edns-v4-ok.isc.org TXT
	dig edns-v6-ok.isc.org TXT

and that I don't have a firewall that would/should be dropping
(properly) fragmented UDP[1] and I have no other indications of packet
loss, are we looking at a bug in BIND9 to explain this (mis-)behavior?

Cheers,
b.

[1] I'd be happy to test and provide evidence if anyone has a test that
will do so.  Perhaps a dig command targeted at one of the many failures
that my logs are constantly showing?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120515/99f7ddac/attachment.bin>


More information about the bind-users mailing list