hi everybody
I think this was working some time ago, but for while
queries IPA's DNS forwards wound up like this:
validating @0x7f85dc00f9a0: swir.my.dom A: no valid
signature found
validating @0x7f85dc00f9a0: swir.my.dom A: bad cache hit
(swir.my.dom/DS)
error (broken trust chain) resolving 'swir.my.dom/A/IN':
192.168.2.100#53
dig at IPA DNS and nothing, logs:
validating @0x7f85e0134880: my.dom SOA: no valid
signature found
validating @0x7f85e0134880: my.dom NSEC: no valid
signature found
validating @0x7f85e0134880: swir.my.dom NSEC: no valid
signature found
validating @0x7f85e0134880: swir.my.dom NSEC: bad cache
hit (swir.my.dom/DS)
I dig +dnssec directly at the receiving server and result
seems normal, no errors.
IPA's dns is not dnsseced, is this the root of the problem?
Or what else might be?
bw.
L
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
