Re: BIND dnssec issue

2016-11-06 Thread Mark Andrews
In message , Mahdi Adnan writes: > Thank you for your response. > > > Date is correct in all servers as well as RRSIG. > > Mon Nov 7 08:56:03 AST 2016 > Mon Nov 7 05:56:03 UTC 2016 > > > > ; <<>> DiG

Re: building bind 9.11.0, python error on centos 6

2016-11-06 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2016-11-07 at 10:47 +1100, Mark Andrews wrote: > Install a Python version that has not been end-of-lifed > in the meantime disable python at configure time (--with-python=no). bind-9.11.0-P1.tar.gz/bind-9.11.0-P1/configure contains code:

Re: building bind 9.11.0, python error on centos 6

2016-11-06 Thread Mark Andrews
Install a Python version that has not been end-of-lifed in the meantime disable python at configure time (--with-python=no). In message <1478303695.22284.18.ca...@ns.five-ten-sg.com>, Carl Byington writes : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Centos 6 has python version

Re: BIND dnssec issue

2016-11-06 Thread Mark Andrews
First check your system clocks and make sure they are correct. 'date -u' will show the time in UTC. Here in Australia we are 11 hours in front of UTC so where I run 'date; date -u' I get: Mon 7 Nov 2016 07:42:33 EST Sun 6 Nov 2016 20:42:33 UTC 'dig +cd +dnssec' will let you see the RRSIG

BIND dnssec issue

2016-11-06 Thread Mahdi Adnan
Hello, We have several Bind recursive servers and all of them stop responding to queries at 10:00 PM daily for 4 minutes starting from November 1st with the following error in the logs; "SOA: got insecure response; parent indicates it should be secure" "DNSKEY: verify failed due to bad