<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFCC">
<br>
<div class="moz-cite-prefix">On 05/12/12 18:29, Hauke Lampe wrote:<br>
</div>
<blockquote cite="mid:50BF8472.7090104@hauke-lampe.de" type="cite">On
05.12.2012 14:59, Daniele Imbrogino wrote:
<br>
<br>
<blockquote type="cite">resolv.conf contains only 127.0.0.1 as
nameserver.
<br>
<br>
The syslog contains a lot of errors as "insecurity proof
failed", "no valid
<br>
RRSIG", "got insecure response" that I don't understand.
<br>
</blockquote>
<br>
Your forwarder probably doesn't handle DNSSEC responses well.
Therefore your BIND cannot validate the answers and returns a
failure code.
<br>
<br>
Either update the forwarder/enable DNSSEC (older versions of BIND
9 require "dnssec-enable yes;" in the options clause), or disable
DNSSEC validation in your local BIND (set "dnssec-validation
no;").
<br>
</blockquote>
Or consider not doing forwarding, that usually gives fewer problems
if possible.<br>
<blockquote cite="mid:50BF8472.7090104@hauke-lampe.de" type="cite">
<br>
<br>
<br>
Hauke
<br>
<br>
_______________________________________________
<br>
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to
unsubscribe from this list
<br>
<br>
bind-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
</pre>
</body>
</html>