BIND 9 troubleshooting issues

Issue: External domains no longer resolve; internal domains still resolve correctly.
Error: “(network unreachable) resolving ‘dlv.isc.org/DNSKEY/IN’”
Solution: Check the current date and time on the server and correct them if they are wrong.

Issue: DNS requests for FQDNs outside of my LAN are no longer resolved.
Error:
Jun 16 18:41:11 puskom64[13832]: validating @0x7f32c43d00a0: . NS: got insecure response; parent indicates it should be secure
Jun 16 18:41:11 puskom64[13832]: error (insecurity proof failed) resolving ‘./NS/IN’: 10.0.1.254#53
Jun 16 18:41:11 puskom64[13832]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for ‘dlv.isc.org’: success
Jun 16 18:41:11 puskom64[13832]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for ‘.’: success
Jun 16 18:41:11 puskom64[13832]: /var/named/dynamic/managed-keys.bind.jnl: create: file not found
Jun 16 18:41:11 puskom64[13832]: managed-keys-zone ./IN: keyfetch_done:dns_journal_open -> unexpected error
Jun 16 18:41:11 puskom64[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:11 puskom64[13832]: error (no valid RRSIG) resolving ‘./NS/IN’: 192.58.128.30#53
Jun 16 18:41:11 puskom64[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:13 puskom64[13832]: error (no valid RRSIG) resolving ‘./NS/IN’: 192.203.230.10#53
Jun 16 18:41:14 puskom64[13832]: error (network unreachable) resolving ‘./NS/IN’: 2012:dc3::35#53

Jun 16 18:41:13 puskom64[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:13 puskom64[13832]: error (no valid RRSIG) resolving ‘./NS/IN’: 192.203.230.10#53
Jun 16 18:41:14 puskom64[13832]: error (network unreachable) resolving ‘./NS/IN’: 2012:dc3::35#53
Jun 16 18:41:14 puskom64[13832]: error (network unreachable) resolving ‘./NS/IN’: 2012:7fd::1#53

Solution:
I don’t know the solution, but I do know it is related to dnssec. I disabled dnssec in my named.conf as a workaround:
dnssec-validation no;

Maybe someone else can explain this to me?
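
The following Python script is an added example, not code from the original post: it groups named log lines like the ones above by failure type and by the upstream server that produced them, so you can see which server or local condition to examine before changing dnssec-validation. The sample lines are constructed from the excerpt above, and the check suggested for each category is an assumption about common causes, not a diagnosis of this server.

```python
import re
from collections import Counter

# named syslog line: timestamp, host (optionally program), [pid], message
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ .*?\[\d+\]: (?P<msg>.*)$")
# resolver errors end with the upstream address and port
UPSTREAM = re.compile(r": (?P<addr>[0-9A-Fa-f.:]+)#53$")

# (message pattern, category, what to check). The checks are the usual
# suspects for each message, stated as assumptions rather than a diagnosis.
RULES = [
    (r"got insecure response|insecurity proof failed", "unsigned-answer",
     "upstream answered without DNSSEC records; query it with dig +dnssec"),
    (r"no valid RRSIG|no valid signature found", "signature-invalid",
     "check the system clock, then whether the upstream passes RRSIGs"),
    (r"managed-keys", "trust-anchor-store",
     "check the managed-keys directory exists and is writable by named"),
    (r"network unreachable", "unreachable",
     "no route to that address, for example IPv6 without IPv6 connectivity"),
]

def triage(lines):
    """Count failures per (category, upstream address or None)."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a syslog-formatted named message
        for pattern, category, _hint in RULES:
            if re.search(pattern, m["msg"]):
                up = UPSTREAM.search(m["msg"])
                hits[(category, up["addr"] if up else None)] += 1
                break  # first matching rule wins
    return hits

def report(hits):
    """One line per finding, most frequent first, with the check to run."""
    hints = {category: hint for _p, category, hint in RULES}
    return [f"{n}x {cat} via {addr or 'n/a'}: {hints[cat]}"
            for (cat, addr), n in hits.most_common()]

# Constructed sample, modelled on the log excerpt in the post
SAMPLE = """\
Jun 16 18:41:11 ns1[13832]: validating @0x7f32c43d00a0: . NS: got insecure response; parent indicates it should be secure
Jun 16 18:41:11 ns1[13832]: error (insecurity proof failed) resolving './NS/IN': 10.0.1.254#53
Jun 16 18:41:11 ns1[13832]: /var/named/dynamic/managed-keys.bind.jnl: create: file not found
Jun 16 18:41:11 ns1[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:11 ns1[13832]: error (no valid RRSIG) resolving './NS/IN': 192.58.128.30#53
Jun 16 18:41:14 ns1[13832]: error (network unreachable) resolving './NS/IN': 2001:db8::35#53
""".splitlines()

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```

Feed it the real log with triage(open(path)); an unsigned-answer count concentrated on one private address points at that forwarder rather than at the root servers.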

5 thoughts on “BIND 9 troubleshooting issues”

  1. Warm greetings,

    The website is very nice, I like it ^_^,

    Indeed, when setting up a DNS server there are often problems with the config that force us to look into it more deeply; just one missing dot will certainly cause an error. My suggestion is to try installing bind 9 + mysql so the records are easier to manage, or you could use a hosting control panel on your primary DNS. Thanks for letting me stop by ^_^.

      1. Yup, mas, we are neighbors ^_^ nice to meet you too. I also use bind 9 for my 2 DNS servers; for the primary DNS specifically I installed a hosting control panel to make management easier, hehehe, web-based ^_^. Each DNS server has bind 9 + mysql installed so that records are easier ^_^,
