[Pkg-dns-devel] Bug#693587: bind9: stop resolving
Marco d'Itri
md at Linux.IT
Sun Jan 21 08:25:25 UTC 2018
Control: -1 DNSSEC validation fails on system resume
On Nov 18, Florian Weimer <fw at deneb.enyo.de> wrote:
> Is your system clock correct?
>
> I wonder if this is a clock issue, or if BIND incorrectly marks the
> DLV servers as dead.
The clock is correct and this is not related to DLV.
Most of the times my laptop resumes some domains fail to resolve.
It is running a full non-forwarding validator.
I think that this started a few months ago.
rndc flush fixes it.
E.g.:
Jan 21 08:45:05 bongo systemd-sleep[32175]: System resumed.
[...]
Jan 21 08:45:11 bongo named[10955]: validating it/SOA: got insecure response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: message repeated 10 times: [ validating it/SOA: got insecure response; parent indicates it should be secure]
Jan 21 08:45:11 bongo named[10955]: validating org/SOA: got insecure response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: validating it/SOA: got insecure response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: validating attila.bofh.it/AAAA: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating attila.bofh.it/A: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating bofh.it/SOA: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating bofh.it/SOA: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating org/SOA: got insecure response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: validating bofh.it/SOA: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating bofh.it/SOA: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating org/SOA: got insecure response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: message repeated 3 times: [ validating org/SOA: got insecure response; parent indicates it should be secure]
Jan 21 08:45:11 bongo named[10955]: validating rss.slashdot.org/CNAME: bad cache hit (slashdot.org/DS)
Jan 21 08:45:11 bongo named[10955]: validating rss.slashdot.org/CNAME: bad cache hit (slashdot.org/DS)
Jan 21 08:45:11 bongo named[10955]: validating bofh.it/SOA: bad cache hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating bofh.it/SOA: bad cache hit (bofh.it/DS)
> Is it possible that you can share the output of "rndc dumpdb"?
I will try to get on the next time.
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dns-devel/attachments/20180121/3b2bb9bc/attachment.sig>
More information about the pkg-dns-devel
mailing list