On Tue, 17 Sep 2019 18:33:51 -0400,
Ian Zimmerman wrote:
>
> On 2019-09-17 13:01, John Covici wrote:
>
> > > > Also, when I restart named (which I have now done automatically by
> > > > systemd) it gives me a lot of errors like the following:
> > > > Sep 17 03:11:59 ccs.covici.com named[3299910]: validating arpa/DS: no
> > > > valid signature found
> > > > or this:
> > > > Sep 17 03:12:00 ccs.covici.com named[3299910]: validating com/DS: no
> > > > valid signature found
> > >
> > > This looks like a DNSSEC problem. I don't run bind on my Gentoo system,
> > > but I did this:
>
> > > [snipped]
>
> > > Try running "ldd /usr/sbin/named". Is openssl (i.e. libssl and
> > > libcrypto) part of the output?
>
> > libcrypto is there along with libgnutls, but no libssl.
>
> Ok, so it probably is built with DNSSEC support.
>
> How do you populate your cache? Do you recurse to the root servers, or
> do you have a "forwarder" (for example, your ISP server) to which you
> pass all queries that miss the cache?
I have more than one, but they are forwarders.
--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?
John Covici wb2una
[email protected]