Bind9 / Named Question

James McDonald james at jmits.com.au
Tue Sep 20 16:21:03 PDT 2016


I have no idea how this all works but does the trust.com DNS server have a
cert you can download and bundle with your other certs to allow it to
validate successfully?

On 21 September 2016 at 01:03, C M Reinehr via Linux-users <linux-users at linux-sxs.org> wrote:

> James,
>
> I was being lazy when I said that I copied the files over. Really, I
> attempted to edit the new configuration files as written by the installer
> to reflect my local customizations. FWIW Bind is running and correctly
> resolving all domain look-ups, but just keeps generating these irritating
> messages to syslog with respect to trust.com. The other thing, is what
> process constantly is generating these attempted validations?
>
> Thanks!
>
> CMR
>
> On Tuesday, September 20, 2016 07:42:30 AM James McDonald via Linux-users wrote:
> > Sorry I just hit send without reading...  you've done all that... apologies
> >
> > When I copy config files from one version to another I usually do a diff
> > on the files as installed to see if there is something missing between the
> > config files as installed and what I copied over...
> >
> > So I usually grab the latest package and extract the contents of the deb
> > and then do a compare...
> >
> > May not be helpful, but just an idea.
> >
> > On 20 September 2016 at 07:39, James McDonald <james at jmits.com.au> wrote:
> > > https://jackson-brain.com/bind-configuration-and-dnssec-validating-no-signature-found/
> > > dnssec-validation auto;
> > >
> > > On 20 September 2016 at 06:25, C M Reinehr via Linux-users <linux-users at linux-sxs.org> wrote:
> > >> Thanks to all in advance!
> > >>
> > >> I set up a new server last month -- Debian v8.5 (Jessie) -- running
> > >> Bind9 (1:9.9.5.dfsg-9+deb8u5).
> > >> I copied the configuration files from an older server and everything
> > >> seems to be operating normally except for one irritating behavior.
> > >>
> > >> I also am running logcheck and every hour of the day, day in & day
> > >> out, I receive the following messages:
> > >>
> > >> System Events
> > >> =-=-=-=-=-=-=
> > >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98ac067600: consent.truste.com A: no valid signature found
> > >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98b0079120: consent.truste.com AAAA: no valid signature found
> > >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4056ed0: choices-or.truste.com A: no valid signature found
> > >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4057b60: choices.truste.com A: no valid signature found
> > >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b49258f0: choices.truste.com AAAA: no valid signature found
> > >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b0079120: choices.truste.com A: no valid signature found
> > >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c06ee50: choices-or.truste.com AAAA: no valid signature found
> > >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c070770: choices-or.truste.com A: no valid signature found
> > >>
> > >> Always the same named domains. Sometimes fewer & sometimes more, but
> > >> 24 hours a day these messages are being logged.
> > >>
> > >> Can anyone explain what program is triggering these attempts to
> > >> validate these domains & why there is a problem.
> > >>
> > >> I have added the following statements in my named.conf.options file:
> > >>         dnssec-enable yes;
> > >>
> > >>         dnssec-validation auto;
> > >>
> > >>         dnssec-lookaside auto;
> > >>
> > >> Originally, it contained only the statement dnssec-validation yes;
> > >> Changing made no difference.
> > >>
> > >> Cheers & thanks, again!
> > >>
> > >> --
> > >> C M Reinehr
> > >> ----
> > >> Linux distribution Debian v8.5, "Jessie"
> > >> ------
> > >> "The most difficult subjects can be explained to the most slow-witted
> > >> man if he has not formed any idea of them already; but the simplest
> > >> thing cannot be made clear to the most intelligent man if he is firmly
> > >> persuaded that he knows already, without a shadow of a doubt, what is
> > >> laid before him." -- Leo Tolstoy
> > >> --------
> > >>
> > >> _______________________________________________
> > >> Linux-users mailing list
> > >> Linux-users at linux-sxs.org
> > >> http://mailman.celestial.com/mailman/listinfo/linux-users
> > >
> > > --
> > > James McDonald IT Services
> > > 11/79 Earl St, Kew, VIC, 3101
> > > Mob.: +61 428 964 633
> > > Email: james at jmits.com.au
> > > ABN: 84 008 812 322
> >
> > --
> > James McDonald IT Services
> > 11/79 Earl St, Kew, VIC, 3101
> > Mob.: +61 428 964 633
> > Email: james at jmits.com.au
> > ABN: 84 008 812 322
> --
> C M Reinehr
> AMS Enterprises, LLC.
> 323 Bibb St (36104)
> PO Box 20
> Montgomery AL 36101-0020
> 334-269-4358 (Voice)
> 334-262-1706 (Fax)
> ----
> Linux distribution Debian v8.5, "Jessie"
> ------
> "The spirit of resistance to government is so valuable on certain occasions
> that I wish it to be always kept alive. It will often be exercised when
> wrong, but better so than not to be exercised at all." -- Thomas Jefferson
> --------



-- 
James McDonald IT Services
11/79 Earl St, Kew, VIC, 3101
Mob.: +61 428 964 633
Email: james at jmits.com.au
ABN: 84 008 812 322
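
For triaging the `named` validator messages quoted in this thread, the following added example (not part of any message above) groups "validating ... no valid signature found" syslog lines by parent zone, owner name and record type. The function names are illustrative, and grouping on the last two labels of the name is a simplifying assumption rather than a real zone-cut lookup.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the syslog excerpt quoted in this thread,
# re-joined onto single lines, plus one unrelated line that must be skipped.
SAMPLE = """\
Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98ac067600: consent.truste.com A: no valid signature found
Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98b0079120: consent.truste.com AAAA: no valid signature found
Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4056ed0: choices-or.truste.com A: no valid signature found
Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4057b60: choices.truste.com A: no valid signature found
Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b49258f0: choices.truste.com AAAA: no valid signature found
Sep 19 14:27:16 Vingolf named[1063]: unrelated message that must be ignored
"""

# timestamp, host, named[pid], validator context pointer, owner name, rrtype, reason
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
    r"validating\s+@0x[0-9a-f]+:\s+"
    r"(?P<name>\S+)\s+(?P<rrtype>[A-Z0-9]+):\s+(?P<reason>.+)$"
)

def parent_zone(name, labels=2):
    """Crude grouping key: the last `labels` labels (assumption, not a zone-cut lookup)."""
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def summarize(text):
    """Return {zone: {count, names: {name: rrtypes}, reasons, first, last}}."""
    zones = defaultdict(lambda: {"count": 0, "names": defaultdict(set),
                                 "reasons": set(), "first": None, "last": None})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a validator message
        z = zones[parent_zone(m["name"])]
        z["count"] += 1
        z["names"][m["name"].lower()].add(m["rrtype"])
        z["reasons"].add(m["reason"])
        z["first"] = z["first"] or m["ts"]  # first timestamp seen for this zone
        z["last"] = m["ts"]                 # syslog is chronological
    return zones

if __name__ == "__main__":
    for zone, z in summarize(SAMPLE).items():
        print(f"{zone}: {z['count']} failures, {z['first']} .. {z['last']}")
        for name, types in sorted(z["names"].items()):
            print(f"  {name}: {','.join(sorted(types))}")
```
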