On Mon, 29 May 2023, lejeczek via FreeIPA-users wrote:
Hi guys.
That is on first master which was happy for short while and then
suddenly:
...
29-May-2023 12:38:23.597 info: client @0x7f6484005538 127.0.0.1#43235
(onet.pl): query failed (broken trust chain) for onet.pl/IN/A at
../../../lib/ns/query.c:7355
29-May-2023 12:39:08.518 info: client @0x7f64b0080088 127.0.0.1#48441
(onet.pl): query failed (broken trust chain) for onet.pl/IN/A at
../../../lib/ns/query.c:7355
and that is for any & every query.
With given forwards or no forwarders.
Time is in sync, network works, everything else seem good too... and
the second master/replica does not complain.
What might the issue (beside the obvious)?
The obvious part is described in the error message: you have broken
DNSSEC trust chain for onet.pl and that causes the issue because you
have DNSSEC validation enabled.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
