Perhaps inspect the zone file?
Also the CDS/CDNSKEY consistency checks stick out. Perhaps remove them
from the unsigned zone files?
Best regards,
Matthijs
On 12-04-2021 14:52, @lbutlr wrote:
I restored a backup of my named.conf after a little bit of an oops. The file is
the same exact file as it was yesterday, bt on starting bind I get:
named[24161] ----------------------------------------------------
named[24161] BIND 9 is maintained by Internet Systems Consortium,
named[24161] Inc. (ISC), a non-profit 501(c)(3) public-benefit
named[24161] corporation. Support and training for BIND 9 are
named[24161] available at https://www.isc.org/support
named[24161] ----------------------------------------------------
named[24161] command channel listening on 127.0.0.1#953
named[24161] zone localhost/IN: CDS/CDNSKEY consistency checks failed
named[24161] zone localhost/IN: not loaded due to errors.
named[24161] /usr/local/etc/namedb/working/localhost-reverse.db:3: ignoring
out-of-zone data (0.ip6.arpa)
named[24161] /usr/local/etc/namedb/working/localhost-reverse.db:17: ignoring
out-of-zone data
(1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa)
named[24161] /usr/local/etc/namedb/working/localhost-reverse.db:18: ignoring
out-of-zone data (1.0.0.0.ip6.arpa)
named[24161] zone 127.in-addr.arpa/IN: has 0 SOA records
named[24161] zone 127.in-addr.arpa/IN: has no NS records
named[24161] zone 127.in-addr.arpa/IN: not loaded due to errors.
named[24161] zone 0.ip6.arpa/IN: CDS/CDNSKEY consistency checks failed
named[24161] zone 0.ip6.arpa/IN: not loaded due to errors.
named[24161] all zones loaded
named[24161] DNS format error from 82.192.82.228#53 resolving
112.242.54.110.in-addr.arpa/PTR for 65.121.55.44#55292: Name in-addr.arpa (SOA)
not subdomain of zone 242.54.110.in-addr.arpa -- invalid response
named[24161] DNS format error from 82.192.82.228#53 resolving
112.242.54.110.in-addr.arpa/PTR for 127.0.0.1#27795: Name in-addr.arpa (SOA)
not subdomain of zone 242.54.110.in-addr.arpa -- invalid response
This last repeats periodically
Stoping and starting named don't clear the error, but named appears to be fine
(checking domains returns expected results). Key files are updating every hour
as expected. The secondary servers are in sync…
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users