Package: bind9
Version: 1:9.6.ESV.R3+dfsg-0+lenny1
When using DNSSEC validation by adding the following lines to named.conf
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside . trust-anchor dlv.isc.org.;
trusted-keys {
dlv.isc.org. 257 3 5
"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh";
};
several hosts in the debian.org domain (security.debian.org,
volatile.debian.org, www.debian.org, packages.debian.org) are no longer
resolvable.
dig reports SERVFAIL.
named reports the following errors to daemon.log:
Dec 22 10:20:13 XXXX named[23555]: validating @0x7f7a780af9a0:
packages.debian.org A: no valid signature found
Dec 22 10:36:02 XXXX named[23555]: validating @0x7f7a780a0d50:
security.debian.org A: no valid signature found
Dec 22 10:37:56 XXXX named[23555]: validating @0x7f7a8532fc50:
www.debian.org A: no valid signature found
Workaround: disable DNSSEC validation.
Debian GNU/Linux 5.0.7, Kernel 2.6.26-2-amd64 and libc6 2.7-18lenny6.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
