Bind9 / Named Question

C M Reinehr cmr at amsent.com
Wed Sep 21 07:17:43 PDT 2016


James,

Good question. I know just enough about DNS to be dangerous & was hoping for a 
quick & easy answer. :-)

Failing that, I guess I'll have to go back to school & learn how all this 
works. I suspect that you're correct in saying that the problem lies with 
trust.com rather than with my system.

Sincerely,

CMR

On Wednesday, September 21, 2016 09:21:03 AM James McDonald via Linux-users 
wrote:
> I have no idea how this all works but does the trust.com DNS server have a
> cert you can download and bundle with your other certs to allow it to
> validate successfully?
> 
> On 21 September 2016 at 01:03, C M Reinehr via Linux-users <linux-users at linux-sxs.org> wrote:
> > James,
> > 
> > I was being lazy when I said that I copied the files over. Really, I
> > attempted to edit the new configuration files as written by the installer
> > to reflect my local customizations. FWIW Bind is running and correctly
> > resolving all domain look-ups, but just keeps generating these irritating
> > messages to syslog with respect to trust.com. The other thing is, what
> > process constantly is generating these attempted validations?
> > 
> > Thanks!
> > 
> > CMR
> > 
> > On Tuesday, September 20, 2016 07:42:30 AM James McDonald via Linux-users wrote:
> > > Sorry I just hit send without reading...  you've done all that... apologies
> > 
> > > When I copy config files from one version to another I usually do a diff
> > > on the files as installed to see if there is something missing between the
> > > config files as installed and what I copied over...
> > > 
> > > So I usually grab the latest package and extract the contents of the deb
> > > and then do a compare...
> > > 
> > > May not be helpful, but just an idea.
> > > 
> > > On 20 September 2016 at 07:39, James McDonald <james at jmits.com.au> wrote:
> > > > https://jackson-brain.com/bind-configuration-and-dnssec-validating-no-signature-found/
> > > > 
> > > > dnssec-validation auto;
> > > > 
> > > > 
> > > > 
> > > > On 20 September 2016 at 06:25, C M Reinehr via Linux-users <linux-users at linux-sxs.org> wrote:
> > > >> Thanks to all in advance!
> > > >> 
> > > >> I set up a new server last month -- Debian v8.5 (Jessie) -- running Bind9
> > > >> (1:9.9.5.dfsg-9+deb8u5).
> > > >> I copied the configuration files from an older server and everything
> > > >> seems to be operating normally
> > > >> except for one irritating behavior.
> > > >> 
> > > >> I also am running logcheck and every hour of the day, day in & day out, I
> > > >> receive the following messages:
> > > >> 
> > > >> System Events
> > > >> =-=-=-=-=-=-=
> > > >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98ac067600:
> > > >> consent.truste.com A: no valid signature found
> > > >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98b0079120:
> > > >> consent.truste.com AAAA: no valid signature found
> > > >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4056ed0:
> > > >> choices-or.truste.com A: no valid signature found
> > > >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4057b60:
> > > >> choices.truste.com A: no valid signature found
> > > >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b49258f0:
> > > >> choices.truste.com AAAA: no valid signature found
> > > >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b0079120:
> > > >> choices.truste.com A: no valid signature found
> > > >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c06ee50:
> > > >> choices-or.truste.com AAAA: no valid signature found
> > > >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c070770:
> > > >> choices-or.truste.com A: no valid signature found
> > > >> 
> > > >> Always the same named domains. Sometimes fewer & sometimes more, but 24
> > > >> hours a day these messages are being logged.
> > > >> 
> > > >> Can anyone explain what program is triggering these attempts to validate
> > > >> these domains & why there is a problem?
> > > >> 
> > > >> I have added the following statements in my named.conf.options file:
> > > >>         dnssec-enable yes;
> > > >>         dnssec-validation auto;
> > > >>         dnssec-lookaside auto;
> > > >> 
> > > >> Originally, it contained only the statement dnssec-validation yes;
> > > >> Changing made no difference.
> > > >> 
> > > >> Cheers & thanks, again!
> > > >> 
> > > >> --
> > > >> C M Reinehr
> > > >> ----
> > > >> Linux distribution Debian v8.5, "Jessie"
> > > >> ------
> > > >> "The most difficult subjects can be explained to the most slow-witted man
> > > >> if he has not formed any idea of them already; but the simplest thing
> > > >> cannot be made clear to the most intelligent man if he is firmly
> > > >> persuaded that he knows already, without a shadow of a doubt, what is laid
> > > >> before him." -- Leo Tolstoy
> > > >> --------
> > > >> 
> > > >> _______________________________________________
> > > >> Linux-users mailing list
> > > >> Linux-users at linux-sxs.org
> > > >> http://mailman.celestial.com/mailman/listinfo/linux-users
> > > > 
> > > > --
> > > > James McDonald IT Services
> > > > 11/79 Earl St, Kew, VIC, 3101
> > > > Mob.: +61 428 964 633
> > > > Email: james at jmits.com.au
> > > > ABN: 84 008 812 322
> > > 
> > > --
> > > James McDonald IT Services
> > > 11/79 Earl St, Kew, VIC, 3101
> > > Mob.: +61 428 964 633
> > > Email: james at jmits.com.au
> > > ABN: 84 008 812 322
> > 
> > --
> > C M Reinehr
> > AMS Enterprises, LLC.
> > 323 Bibb St (36104)
> > PO Box 20
> > Montgomery AL 36101-0020
> > 334-269-4358 (Voice)
> > 334-262-1706 (Fax)
> > ----
> > Linux distribution Debian v8.5, "Jessie"
> > ------
> > "The spirit of resistance to government is so valuable on certain occasions
> > that I wish it to be always kept alive. It will often be exercised when
> > wrong, but better so than not to be exercised at all." -- Thomas Jefferson
> > --------
> > 
> 
> --
> James McDonald IT Services
> 11/79 Earl St, Kew, VIC, 3101
> Mob.: +61 428 964 633
> Email: james at jmits.com.au
> ABN: 84 008 812 322
-- 
C M Reinehr
AMS Enterprises, LLC.
323 Bibb St (36104)
PO Box 20
Montgomery AL 36101-0020
334-269-4358 (Voice)
334-262-1706 (Fax)
----
Linux distribution Debian v8.5, "Jessie"
------
"A free people ought not only to be armed and disciplined, but they should 
have sufficient arms and ammunition to maintain a status of independence from 
any who might attempt to abuse them, which would include their own 
government." -- George Washington
--------
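
An added example, not part of the original thread: a small summarizer for the `named` validator messages quoted above, which groups "no valid signature found" events by parent domain so an hourly logcheck mail collapses to one line per affected zone. The sample input is the thread's own log lines unwrapped to one per line; the regex covers only that message layout, and grouping by the last two labels is a simplifying assumption, as are all function names.

```python
import re
from collections import defaultdict

# Sample input: the log lines quoted in the thread, unwrapped to one per line.
SAMPLE_LOG = """\
Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98ac067600: consent.truste.com A: no valid signature found
Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98b0079120: consent.truste.com AAAA: no valid signature found
Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4056ed0: choices-or.truste.com A: no valid signature found
Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4057b60: choices.truste.com A: no valid signature found
Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b49258f0: choices.truste.com AAAA: no valid signature found
Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b0079120: choices.truste.com A: no valid signature found
Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c06ee50: choices-or.truste.com AAAA: no valid signature found
Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c070770: choices-or.truste.com A: no valid signature found
"""

# Matches only the message layout shown in the thread:
#   <syslog timestamp> <host> named[pid]: validating @0x<ptr>: <name> <TYPE>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+named\[\d+\]:\s+"
    r"validating\s+@0x[0-9a-f]+:\s+(?P<name>\S+)\s+(?P<rtype>[A-Z0-9]+):\s+(?P<msg>.+)$"
)

def parent_domain(name, labels=2):
    # Assumption: group by the last two labels; this is not a public-suffix lookup.
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def summarize(log_text):
    """Group 'no valid signature found' events by parent domain."""
    out = defaultdict(lambda: {"count": 0, "names": set(), "rtypes": set(),
                               "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["msg"] != "no valid signature found":
            continue
        e = out[parent_domain(m["name"])]
        e["count"] += 1
        e["names"].add(m["name"])
        e["rtypes"].add(m["rtype"])
        e["first"] = e["first"] or m["ts"]   # input is assumed to be in time order
        e["last"] = m["ts"]
    return dict(out)

if __name__ == "__main__":
    for domain, e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{domain}: {e['count']} failures, {e['first']} .. {e['last']}, "
              f"names={sorted(e['names'])}, types={sorted(e['rtypes'])}")
```
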


