Re: dnssec validation issue

2017-08-30 Thread dhungyel
Hi Mukund > Are you able to reproduce the bug with the latest stock version of BIND > 9.9? 9.9.4 is very old and that branch has had numerous bugfixes since. > I'm not able to reproduce such a validation failure with 9.9.11: At the moment the latest patched version of bind available for Cen

Re: dnssec validation issue

2017-08-30 Thread Mukund Sivaraman
Hi Ganga On Thu, Aug 24, 2017 at 09:33:32AM +0600, Ganga R. Dhungyel wrote: > With dnssec-validation turned on, resolving sites like www.icann.org > fails. The alternative is to remove validation > which of course is not the desired solution. Are you able to reproduce the

Re: dnssec validation issue

2017-08-30 Thread Stephane Bortzmeyer
On Thu, Aug 24, 2017 at 09:33:32AM +0600, Ganga R. Dhungyel wrote a message of 677 lines which said: > # dig @localhost www.icann.org A +dnssec When you suspect a DNSSEC issue, always retry dig with +cd (Checking Disabled). And post the result.

Re: dnssec validation issue

2017-08-30 Thread Tony Finch
Ganga R. Dhungyel wrote: > > **debug log > > 23-Aug-2017 16:17:57.567 dnssec: debug 3: > validating @0x7f3ffc96e4d0: www.vip.icann.org A: > attempting insecurity proof > > With dnssec-validation turned on, resolving sites like www.icann.org fails. I think that line in the debug log in

dnssec validation issue

2017-08-23 Thread Ganga R. Dhungyel
Hi All I am running a bind 9.9.4-50 resolver on CentOS 7 (kernel 3.10.0-514.26.2.el7.x86_64). I have enabled dnssec and made it into a validating resolver but I am facing issues with some sites that use CNAME and getting SERVFAIL. Configs are pretty simple as given below: **configs options {

Re: dnssec validation issue

2015-06-19 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 2015-06-19 at 05:58 +, Eray Aslan wrote: > With the root zone and most TLDs signed, I do not think it makes sense > to use DLV anymore. While a typical DNSSEC resolver configuration has > DLV enabled, I personally make the effort to disabl

Re: dnssec validation issue

2015-06-19 Thread Jaap Akkerhuis
Eray Aslan writes: > On Thu, Jun 18, 2015 at 07:26:28PM -0700, Carl Byington wrote: > > On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote: > > > To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation > > > auto;" > > New centos rpms at http://www.five-ten-sg.com/mapper/bind wi

Re: dnssec validation issue

2015-06-18 Thread Eray Aslan
On Thu, Jun 18, 2015 at 07:26:28PM -0700, Carl Byington wrote: > On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote: > > To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation > > auto;" > New centos rpms at http://www.five-ten-sg.com/mapper/bind with a default > named.conf that shoul

Re: dnssec validation issue

2015-06-18 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote: > You don't have any trust anchors active. > To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation > auto;" Thanks!! New centos rpms at http://www.five-ten-sg.com/mapper/bind with a

Re: dnssec validation issue

2015-06-18 Thread Mark Andrews
In message <1434674101.18744.119.ca...@ns.five-ten-sg.com>, Carl Byington writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I have multiple centos6 boxes running 9.10.2-P1, and almost everything > looks good. However, one box seems to not be doing dnssec validation. It > is possible

dnssec validation issue

2015-06-18 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have multiple centos6 boxes running 9.10.2-P1, and almost everything looks good. However, one box seems to not be doing dnssec validation. It is possible that this behavior predates the latest updates and I just never noticed it. A and B have essent

Re: BIND DNSSEC-Validation issue sceggs.nsw.edu.au

2011-09-13 Thread Michael Sinatra
On 09/12/11 22:12, Neil wrote: Hi BIND Users I am currently trialing Bind v9.8.1 and have come across an issue with 1 particular domain. For some reason when I query the below domain on bind resolver-cache nothing gets returned.? dig @ sceggs.nsw.edu.au ns The debug logs show 13-Sep-2011 10:11:27.

BIND DNSSEC-Validation issue sceggs.nsw.edu.au

2011-09-12 Thread Neil
Hi BIND Users I am currently trialing Bind v9.8.1 and have come across an issue with 1 particular domain. For some reason when I query the below domain on bind resolver-cache nothing gets returned.? dig @ sceggs.nsw.edu.au ns The debug logs show 13-Sep-2011 10:11:27.272 query-errors: debug 1