Re: Querying directly a nameserver works, while forwarding not

Wed, 05 Dec 2012 14:08:58 -0800 


On 05/12/12 18:29, Hauke Lampe wrote:

On 05.12.2012 14:59, Daniele Imbrogino wrote:


resolv.conf contains only 127.0.0.1 as nameserver.
The syslog contains a lot of errors as "insecurity proof failed", "no valid 
RRSIG", "got insecure response" that I don't understand.
Your forwarder probably doesn't handle DNSSEC responses well. Therefore your BIND cannot validate the answers and returns a failure code.
Either update the forwarder/enable DNSSEC (older versions of BIND 9 require "dnssec-enable yes;" in the options clause), or disable DNSSEC validation in your local BIND (set "dnssec-validation no;").
Or consider not doing forwarding, that usually gives fewer problems if possible. 



Hauke

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list 

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


--
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!"


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to