The only way I can replicate the behaviour is with dnssec-enable no or with an unsigned version of the zone in another view. Assuming you've not overlapped your views in such a way (it was a very contrived test), I think you'll need to provide a bit more information on your configuration.
-options -relevant view statement -The zone statement (from the hashed file if you are using the new dynamic zones feature). -The zone itself -Query logs. Without the full dig output it is hard to see what is actually happening. I'd suggest including that as well. If you dig axfr or dig rrsig are the signatures present? On 21/01/11 9:13 AM, "Zbigniew Jasiński" <szo...@nask.pl> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > W dniu 2011-01-19 18:38, Hauke Lampe pisze: > >> Another thing you might check: >> >> With "dnssec-enable no;" in named.conf, BIND still does its automatic >> DNSSEC signing but won't add RRSIG to responses. >> >> I ran across such a configuration lately. Your problem sounds similar. >> >> >> Hauke. > > that was first thing which I've checked: > > dnssec-enable yes; > > and it's of course enabled. > > I see in journal file: > > ./sbin/named-journalprint var/zone/example.jnl > > add example. 3600 IN RRSIG DNSKEY 10 1 3600 > 20110218225336 20110119215336 57635 example. > Xo9o137Q4BmELA0wumTLujJkHq0b/tDbYvuFCfZDfcbp8cuutDJUxCPy > <CUT> > add example. 3600 IN RRSIG DNSKEY 10 1 3600 > 20110218225336 20110119215336 57636 example. > SfFa5xjRtb/VBm3Zv1j31VRlqJORM0laX1PuZ+Asi6IFutH4q5TeknYN > <CUT> > add example. 3600 IN RRSIG SOA 10 1 3600 > 20110218225336 20110119215336 57635 example. > wYZ/nZbnN6HGrWTDLkfbyW4dQGMVs1ZVY+r8zc9t92ykxu7ipycxnITW > <CUT> > > also RRSIG for SOA record and for DNSKEY records are present in plain > zone file but still named isn't responding with correct signatures. > > - -- > regards > > zbigniew jasinski > [SYStem OPerator] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQIcBAEBAgAGBQJNOUAtAAoJEH26UYiRhe/goMcP/i5MLxBFh8+Fl2R2oqIKdRR1 > ntBcfXBK1niJmlDpFzGu97gXNxoofk/bWVEhb+eo/e4+ln8bSuOiKVV5PQJ8zq1t > ke5jCIw7iRdBQgMcZNHQCWcI1lCWnPc0SxcCtw6u2ZItfFxqwANwFJw0oXwX/C8i > iVGflBdSUI9G/MGIaCsiwBdNBZnVhgrVz5F3KHXKC6aH49HI9kieXqz8v9pczcGR > xoy/RRrgObvb8N4jz2GA+fq8thFoKzZkoWLWG/5eE9uYd8oY3wLHIoAt0jBfGXOR > UXrFQ1QDqjUdotb3ovUGH2NH1NpWnITYm9gDWqEo3egaLpQU6itc2z57BNkuIkPS > qn3m2rgnEKy+p6flLYNxwyYnrXWVIpti73r+aPpkWQpWptEBcyCIl2su6yLZPv1y > R7ioFCualJLOWWqio9w5hQeRUvgrF6w7XBc97PMWgwLSrjHF0XADOWn9IqB4/XgA > agPSo7p8D6mmfpnv9c+q1JVIUEhEqihNs5/c1/dhRRn4SRIucvvzuVlXB/gqVQep > i+Ft2Tq3zgepBOxLGtZQ22o7VoBSWj8tHT6qRDG9qChsOXE054eN+r8xNbJ4rRzu > oASw1n11vm0JAqceMeadCc0Zz2y4WbIJO7jEsPTp9KUHPNwbDmNnMH7pWyHvxS4v > oZD7PbxPnyDpwRerG7zh > =Sp+3 > -----END PGP SIGNATURE----- > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Kal Feher _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
