Hi fellow users,
I'm having a puzzle to solve and because I'm an amateur I'm
hoping an expert could help, otherwise it'll take me ages.
I have a 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 which runs a
signed zone and another server that forwards to it.
The server (swir.private.aaa.bbb.private.czz.yy.zz) that
forwards to the zone reports:
May 20 16:02:57 swir.private.aaa.bbb.private.czz.yy.zz named[9104]: validating @0x7f5fe4007f80: XXXX.ZZZZ SOA: no valid signature found
May 20 16:02:57 swir.private.aaa.bbb.private.czz.yy.zz named[9104]: validating @0x7f5fe4008c10: whale.XXXX.ZZZZ A: no valid signature found
May 20 16:02:57 swir.private.aaa.bbb.private.czz.yy.zz named[9104]: validating @0x7f5fe4007f80: whale.XXXX.ZZZZ NSEC: no valid signature found
May 20 16:02:57 swir.private.aaa.bbb.private.czz.yy.zz named[9104]: validating @0x7f5fd800f5c0: XXXX.ZZZZ SOA: no valid signature found
May 20 16:02:57 swir.private.aaa.bbb.private.czz.yy.zz named[9104]: validating @0x7f5fd800f5c0: whale.XXXX.ZZZZ NSEC: no valid signature found
May 20 16:02:57 swir.private.aaa.bbb.private.czz.yy.zz named[9104]: error (no valid RRSIG) resolving 'whale.XXXX.ZZZZ/DS/IN': 192.168.2.100#53
whale.XXXX.ZZZZ is the server with the signed zone; above is the
result of
$ dig +qr any that.zone
and the query does not return a single record.
But if I only do:
$ dig +qr any that.zone @192.168.2.100  # server with signed zone
then everything works fine, seemingly.
Forwarding server's conf snippet is pretty plain vanilla:
zone "XXXX.ZZZZ" IN {
    forward only;
    type forward;
    forwarders port 53 { 192.168.2.100; };
};
The forwarding server is 9.9.4-RedHat-9.9.4-29.el7_2.3.
What am I doing wrong, what am I missing?
many thanks,
L.