Hi everybody,

I think this was working some time ago, but for a while now queries that IPA's DNS forwards have wound up like this:

validating @0x7f85dc00f9a0: swir.my.dom A: no valid signature found
validating @0x7f85dc00f9a0: swir.my.dom A: bad cache hit (swir.my.dom/DS)
error (broken trust chain) resolving 'swir.my.dom/A/IN': 192.168.2.100#53

I dig at the IPA DNS and get nothing; logs:

validating @0x7f85e0134880: my.dom SOA: no valid signature found
validating @0x7f85e0134880: my.dom NSEC: no valid signature found
validating @0x7f85e0134880: swir.my.dom NSEC: no valid signature found
validating @0x7f85e0134880: swir.my.dom NSEC: bad cache hit (swir.my.dom/DS)

I dig +dnssec directly at the receiving server and the result seems normal, no errors.

IPA's DNS is not dnsseced; is this the root of the problem? Or what else might it be?

bw.

L

