Bind9 / Named Question

C M Reinehr cmr at amsent.com
Tue Sep 20 08:03:38 PDT 2016 

James,

I was being lazy when I said that I copied the files over. Really, I attempted 
to edit the new configuration files as written by the installer to reflect my 
local customizations. FWIW Bind is running and correctly resolving all domain 
look-ups, but just keeps generating these irritating messages to syslog with 
respect to trust.com. The other thing, is what process constantly is 
generating these attempted validations?

Thanks!

CMR

On Tuesday, September 20, 2016 07:42:30 AM James McDonald via Linux-users 
wrote:
> Sorry I just hit send with out reading...  you've done all that... apologies
> 
> When I copy config files from one version to another I usually do a diff on
> the files as installed to see if there is something missing between the
> config files as installed and what I copied over...
> 
> So I usually grab the latest package and extract the contents of the deb
> and then do a compare...
> 
> May not be helpful, but just an idea.
> 
> On 20 September 2016 at 07:39, James McDonald <james at jmits.com.au> wrote:
> > https://jackson-brain.com/bind-configuration-and-dnssec-> > validating-no-signature-found/
> > dnssec-validation auto;
> > 
> > 
> > 
> > On 20 September 2016 at 06:25, C M Reinehr via Linux-users <
> > 
> > linux-users at linux-sxs.org> wrote:
> >> Thanks to all in advance!
> >> 
> >> I set up a new server last month -- Debian v8.5 (Jessie) -- running Bind9
> >> (1:9.9.5.dfsg-9+deb8u5).
> >> I copied the configuration files from an older server and everything
> >> seems to be operating normally
> >> except for one irritating behavior.
> >> 
> >> I also am running logcheck and every hour of the day, day in & day out, I
> >> receive the following messages:
> >> 
> >> System Events
> >> =-=-=-=-=-=-=
> >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98ac067600:
> >> consent.truste.com A: no valid signature found
> >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98b0079120:
> >> consent.truste.com AAAA: no valid signature found
> >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4056ed0:
> >> choices-or.truste.com A: no valid signature found
> >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4057b60:
> >> choices.truste.com A: no valid signature found
> >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b49258f0:
> >> choices.truste.com AAAA: no valid signature found
> >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b0079120:
> >> choices.truste.com A: no valid signature found
> >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c06ee50:
> >> choices-or.truste.com AAAA: no valid signature found
> >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c070770:
> >> choices-or.truste.com A: no valid signature found
> >> 
> >> Always the same named domains. Some times fewer & some times more, but 24
> >> hours a day these
> >> messages are being logged.
> >> 
> >> Can anyone explain what program is triggering these attempts to validate
> >> these domains & why there
> >> is a problem.
> >> 
> >> I have added the following statements in my named.conf.options file:
> >>         dnssec-enable yes;
> >>         
> >>         dnssec-validation auto;
> >>         
> >>         dnssec-lookaside auto;
> >> 
> >> Originally, it contained only the statement dnssec-validation yes;
> >> Changing made no difference.
> >> 
> >> Cheers & thanks, again!
> >> 
> >> --
> >> C M Reinehr
> >> ----
> >> Linux distribution Debian v8.5, "Jessie"
> >> ------
> >> "The most difficult subjects can be explained to the most slow-witted man
> >> if he has not formed any idea of them already; but the simplest thing
> >> cannot be made clear to the most intelligent man if he is firmly
> >> persuaded
> >> that he knows already, without a shadow of a doubt, what is laid before
> >> him." -- Leo Tolstoy
> >> --------
> >> 
> >> _______________________________________________
> >> Linux-users mailing list
> >> Linux-users at linux-sxs.org
> >> http://mailman.celestial.com/mailman/listinfo/linux-users
> > 
> > --
> > James McDonald IT Services
> > 11/79 Earl St, Kew, VIC, 3101
> > Mob.: +61 428 964 633
> > Email: james at jmits.com.au
> > ABN: 84 008 812 322
> 
> --
> James McDonald IT Services
> 11/79 Earl St, Kew, VIC, 3101
> Mob.: +61 428 964 633
> Email: james at jmits.com.au
> ABN: 84 008 812 322
-- 
C M Reinehr
AMS Enterprises, LLC.
323 Bibb St (36104)
PO Box 20
Montgomery AL 36101-0020
334-269-4358 (Voice)
334-262-1706 (Fax)
----
Linux distribution Debian v8.5, "Jessie"
------
"The spirit of resistance to government is so valuable on certain occasions 
that I wish it to be always kept alive. It will often be exercised when wrong, 
but better so than not to be exercised at all." -- Thomas Jefferson
--------

More information about the Linux-users mailing list