Hi Wolfgang,
now I face the same problem on two installations, the one @home and the
other @school.
Wolfgang Schweer:
(As of bullseye: 'service named status')
that's what I get:
from tjener @home
root@tjener:~# service named status
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor
preset: enabled)
Active: active (running) since Tue 2022-01-25 20:04:26 CET; 4min
19s ago
Docs: man:named(8)
Main PID: 995 (named)
Tasks: 10 (limit: 9487)
Memory: 67.8M
CPU: 584ms
CGroup: /system.slice/named.service
└─995 /usr/sbin/named -f -4 -u bind
Jan 25 20:08:45 tjener.intern named[995]: no valid RRSIG resolving
'xyz/DS/IN': 199.7.83.42#53
Jan 25 20:08:45 tjener.intern named[995]: validating xyz/DS: no valid
signature found
Jan 25 20:08:45 tjener.intern named[995]: no valid RRSIG resolving
'xyz/DS/IN': 192.58.128.30#53
Jan 25 20:08:45 tjener.intern named[995]: validating xyz/DS: no valid
signature found
Jan 25 20:08:45 tjener.intern named[995]: no valid RRSIG resolving
'xyz/DS/IN': 193.0.14.129#53
Jan 25 20:08:45 tjener.intern named[995]: validating xyz/DS: no valid
signature found
Jan 25 20:08:45 tjener.intern named[995]: no valid RRSIG resolving
'xyz/DS/IN': 202.12.27.33#53
Jan 25 20:08:45 tjener.intern named[995]: validating xyz/DS: no valid
signature found
Jan 25 20:08:45 tjener.intern named[995]: no valid RRSIG resolving
'xyz/DS/IN': 192.112.36.4#53
Jan 25 20:08:45 tjener.intern named[995]: broken trust chain resolving
'gitcdn.xyz/AAAA/IN': 172.64.33.132#53
from tjener @school
root@tjener:~# service named status
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor
preset: enabled)
Active: active (running) since Tue 2022-01-25 16:40:10 CET; 16h ago
Docs: man:named(8)
Main PID: 2548 (named)
Tasks: 10 (limit: 38126)
Memory: 122.1M
CPU: 3.327s
CGroup: /system.slice/named.service
└─2548 /usr/sbin/named -f -4 -u bind
Jan 26 08:45:53 tjener.intern named[2548]: validating com/DS: no valid
signature found
Jan 26 08:45:53 tjener.intern named[2548]: no valid RRSIG resolving
'com/DS/IN': 199.7.83.42#53
Jan 26 08:45:53 tjener.intern named[2548]: validating com/DS: no valid
signature found
Jan 26 08:45:53 tjener.intern named[2548]: no valid RRSIG resolving
'com/DS/IN': 202.12.27.33#53
Jan 26 08:45:53 tjener.intern named[2548]: validating com/DS: no valid
signature found
Jan 26 08:45:53 tjener.intern named[2548]: no valid RRSIG resolving
'com/DS/IN': 199.9.14.201#53
Jan 26 08:45:53 tjener.intern named[2548]: validating com/DS: no valid
signature found
Jan 26 08:45:53 tjener.intern named[2548]: no valid RRSIG resolving
'com/DS/IN': 192.112.36.4#53
Jan 26 08:45:53 tjener.intern named[2548]: broken trust chain resolving
'raw.githubusercontent.com/AAAA/IN': 205.251.192.181#53
Jan 26 08:45:53 tjener.intern named[2548]: broken trust chain resolving
'raw.githubusercontent.com/A/IN': 205.251.192.181#53
No idea what is going on myself, I must admit. :)
What a pity, I had all my hopes on you ;-)
Might be something like this known issue:
https://bugs.debian.org/983216
Seams xou're right.
So I'm uncertain whether to follow the workaround.
Guess I first give it another try with a more current netinstall image:
I just found I used debian-edu-11.1.0-amd64-netinst.iso from last november.
I'll report later.
Kind regards
readU
Frank
Wolfgang
