<div dir="ltr">I have no idea how this all works but does the <a href="http://trust.com">trust.com</a> DNS server have a cert you can download and bundle with your other certs to allow it to validate successfully?</div><div class="gmail_extra"><br><div class="gmail_quote">On 21 September 2016 at 01:03, C M Reinehr via Linux-users <span dir="ltr"><<a href="mailto:linux-users@linux-sxs.org" target="_blank">linux-users@linux-sxs.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">James,<br>
<br>
I was being lazy when I said that I copied the files over. Really, I attempted<br>
to edit the new configuration files as written by the installer to reflect my<br>
local customizations. FWIW Bind is running and correctly resolving all domain<br>
look-ups, but just keeps generating these irritating messages to syslog with<br>
respect to <a href="http://trust.com" rel="noreferrer" target="_blank">trust.com</a>. The other thing, is what process constantly is<br>
generating these attempted validations?<br>
<br>
Thanks!<br>
<br>
CMR<br>
<br>
On Tuesday, September 20, 2016 07:42:30 AM James McDonald via Linux-users<br>
wrote:<br>
<div><div class="h5">> Sorry I just hit send with out reading... you've done all that... apologies<br>
><br>
> When I copy config files from one version to another I usually do a diff on<br>
> the files as installed to see if there is something missing between the<br>
> config files as installed and what I copied over...<br>
><br>
> So I usually grab the latest package and extract the contents of the deb<br>
> and then do a compare...<br>
><br>
> May not be helpful, but just an idea.<br>
><br>
> On 20 September 2016 at 07:39, James McDonald <<a href="mailto:james@jmits.com.au">james@jmits.com.au</a>> wrote:<br>
> > <a href="https://jackson-brain.com/bind-configuration-and-dnssec-" rel="noreferrer" target="_blank">https://jackson-brain.com/<wbr>bind-configuration-and-dnssec-</a><wbr>> > validating-no-signature-found/<br>
> > dnssec-validation auto;<br>
> ><br>
> ><br>
> ><br>
> > On 20 September 2016 at 06:25, C M Reinehr via Linux-users <<br>
> ><br>
> > <a href="mailto:linux-users@linux-sxs.org">linux-users@linux-sxs.org</a>> wrote:<br>
> >> Thanks to all in advance!<br>
> >><br>
> >> I set up a new server last month -- Debian v8.5 (Jessie) -- running Bind9<br>
> >> (1:9.9.5.dfsg-9+deb8u5).<br>
> >> I copied the configuration files from an older server and everything<br>
> >> seems to be operating normally<br>
> >> except for one irritating behavior.<br>
> >><br>
> >> I also am running logcheck and every hour of the day, day in & day out, I<br>
> >> receive the following messages:<br>
> >><br>
> >> System Events<br>
> >> =-=-=-=-=-=-=<br>
> >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98ac067600:<br>
> >> <a href="http://consent.truste.com" rel="noreferrer" target="_blank">consent.truste.com</a> A: no valid signature found<br>
> >> Sep 19 14:10:52 Vingolf named[1063]: validating @0x7f98b0079120:<br>
> >> <a href="http://consent.truste.com" rel="noreferrer" target="_blank">consent.truste.com</a> AAAA: no valid signature found<br>
> >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4056ed0:<br>
> >> <a href="http://choices-or.truste.com" rel="noreferrer" target="_blank">choices-or.truste.com</a> A: no valid signature found<br>
> >> Sep 19 14:13:20 Vingolf named[1063]: validating @0x7f98a4057b60:<br>
> >> <a href="http://choices.truste.com" rel="noreferrer" target="_blank">choices.truste.com</a> A: no valid signature found<br>
> >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b49258f0:<br>
> >> <a href="http://choices.truste.com" rel="noreferrer" target="_blank">choices.truste.com</a> AAAA: no valid signature found<br>
> >> Sep 19 14:27:14 Vingolf named[1063]: validating @0x7f98b0079120:<br>
> >> <a href="http://choices.truste.com" rel="noreferrer" target="_blank">choices.truste.com</a> A: no valid signature found<br>
> >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c06ee50:<br>
> >> <a href="http://choices-or.truste.com" rel="noreferrer" target="_blank">choices-or.truste.com</a> AAAA: no valid signature found<br>
> >> Sep 19 14:27:16 Vingolf named[1063]: validating @0x7f989c070770:<br>
> >> <a href="http://choices-or.truste.com" rel="noreferrer" target="_blank">choices-or.truste.com</a> A: no valid signature found<br>
> >><br>
> >> Always the same named domains. Some times fewer & some times more, but 24<br>
> >> hours a day these<br>
> >> messages are being logged.<br>
> >><br>
> >> Can anyone explain what program is triggering these attempts to validate<br>
> >> these domains & why there<br>
> >> is a problem.<br>
> >><br>
> >> I have added the following statements in my named.conf.options file:<br>
> >> dnssec-enable yes;<br>
> >><br>
> >> dnssec-validation auto;<br>
> >><br>
> >> dnssec-lookaside auto;<br>
> >><br>
> >> Originally, it contained only the statement dnssec-validation yes;<br>
> >> Changing made no difference.<br>
> >><br>
> >> Cheers & thanks, again!<br>
> >><br>
> >> --<br>
> >> C M Reinehr<br>
> >> ----<br>
> >> Linux distribution Debian v8.5, "Jessie"<br>
> >> ------<br>
> >> "The most difficult subjects can be explained to the most slow-witted man<br>
> >> if he has not formed any idea of them already; but the simplest thing<br>
> >> cannot be made clear to the most intelligent man if he is firmly<br>
> >> persuaded<br>
> >> that he knows already, without a shadow of a doubt, what is laid before<br>
> >> him." -- Leo Tolstoy<br>
> >> --------<br>
> >><br>
> >> ______________________________<wbr>_________________<br>
> >> Linux-users mailing list<br>
> >> <a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a><br>
> >> <a href="http://mailman.celestial.com/mailman/listinfo/linux-users" rel="noreferrer" target="_blank">http://mailman.celestial.com/<wbr>mailman/listinfo/linux-users</a><br>
> ><br>
> > --<br>
> > James McDonald IT Services<br>
> > 11/79 Earl St, Kew, VIC, 3101<br>
> > Mob.: <a href="tel:%2B61%20428%20964%20633" value="+61428964633">+61 428 964 633</a><br>
> > Email: <a href="mailto:james@jmits.com.au">james@jmits.com.au</a><br>
> > ABN: 84 008 812 322<br>
><br>
> --<br>
> James McDonald IT Services<br>
> 11/79 Earl St, Kew, VIC, 3101<br>
> Mob.: <a href="tel:%2B61%20428%20964%20633" value="+61428964633">+61 428 964 633</a><br>
> Email: <a href="mailto:james@jmits.com.au">james@jmits.com.au</a><br>
> ABN: 84 008 812 322<br>
</div></div>--<br>
C M Reinehr<br>
AMS Enterprises, LLC.<br>
323 Bibb St (36104)<br>
PO Box 20<br>
Montgomery AL 36101-0020<br>
<a href="tel:334-269-4358" value="+13342694358">334-269-4358</a> (Voice)<br>
<a href="tel:334-262-1706" value="+13342621706">334-262-1706</a> (Fax)<br>
<span class="">----<br>
Linux distribution Debian v8.5, "Jessie"<br>
------<br>
</span>"The spirit of resistance to government is so valuable on certain occasions<br>
that I wish it to be always kept alive. It will often be exercised when wrong,<br>
but better so than not to be exercised at all." -- Thomas Jefferson<br>
<div class="HOEnZb"><div class="h5">--------<br>
<br>
______________________________<wbr>_________________<br>
Linux-users mailing list<br>
<a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a><br>
<a href="http://mailman.celestial.com/mailman/listinfo/linux-users" rel="noreferrer" target="_blank">http://mailman.celestial.com/<wbr>mailman/listinfo/linux-users</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px">James McDonald IT Services</span></div><div style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px">11/79 Earl St, Kew, VIC, 3101</span><br><span></span></div><div style="font-size:12.8000001907349px"><div style="font-size:12.8000001907349px">Mob.: +61 428 964 633<br></div><div style="font-size:12.8000001907349px">Email: <a href="mailto:james@jmits.com.au" target="_blank">james@jmits.com.au</a></div><div style="font-size:12.8000001907349px">ABN: 84 008 812 322</div></div></div></div></div></div></div></div></div></div></div></div>
</div>