On Mon, 17 Aug 2009, John Marshall wrote:
> named[204]: no valid RRSIG resolving 'cvsup.au.freebsd.org/A/IN': 123.136.33.242#53
>
> What should I do to troubleshoot this if it happens again?

First of all, try and dump the cache, using rndc dumpdb -all. This gets a snapshot of the current state of your nameservers. Debugging something a few hours later might look completely different in a DNS world.

When doing dnssec queries that cause servfails, running the query with the Checking Disabled (CD) bit might tell you a little bit more on what the named thinks it has. It's still a bit tricky to figure out things from that, e.g. "dig +dnssec +cd cvsup.au.freebsd.org."

You can also use "drill" from the ldns package to get some more information. In this case, running "drill -D -S cvsup.au.freebsd.org" would have been interesting, as it would go through all the parent records chasing where this supposed RRSIG came from.

Note that cvsup.au.freebsd.org is a CNAME to freebsd4.riverwillow.net.au. Was riverwillow.net.au the internal view zone you had signed?

Paul
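
An added example, not part of the original message: a small shell helper that compares saved output of "dig +dnssec" and "dig +dnssec +cd" for the same name and reports whether the SERVFAIL goes away with checking disabled, and whether the +cd answer carries any RRSIG at all. The function names, verdict strings and sample dig output (including the 192.0.2.10 address) are constructed for illustration, and the verdicts are a heuristic reading of the two responses.

```shell
#!/bin/sh
# Added example. The dig output below is constructed, not captured.

# Print the rcode from the ";; ->>HEADER<<-" line of dig output on stdin.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Count records of type $1 in the ANSWER section of dig output on stdin.
answer_count() {
    awk -v t="$1" '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^$/ || /^;;/         { in_ans = 0 }
        in_ans && $4 == t     { n++ }
        END                   { print n + 0 }'
}

# classify NORMAL_FILE CD_FILE: compare "dig +dnssec" with "dig +dnssec +cd".
classify() {
    normal=$(dig_status < "$1"); cdrc=$(dig_status < "$2")
    sigs=$(answer_count RRSIG < "$2")
    if [ "$normal" != "SERVFAIL" ]; then echo "not-servfail"
    elif [ "$cdrc" != "NOERROR" ]; then echo "fails-without-validation-too"
    elif [ "$sigs" -eq 0 ]; then echo "validation-failure-unsigned-answer"
    else echo "validation-failure-signed-answer"
    fi
}

# Write constructed sample outputs into directory $1.
write_samples() {
    cat > "$1/normal.txt" <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
    cat > "$1/cd.txt" <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
cvsup.au.freebsd.org.        3600 IN CNAME freebsd4.riverwillow.net.au.
freebsd4.riverwillow.net.au. 3600 IN A     192.0.2.10
EOF
}
```

Saving both dig outputs next to the "rndc dumpdb -all" dump at the time of the failure keeps the evidence comparable later, when the cache contents may have changed.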