On Tue, 2020-10-20 at 14:42 +0200, Marcus Meissner wrote:
Hi,
On Tue, Oct 20, 2020 at 02:29:39PM +0200, cagsm wrote:
Apparently there was some bind (named) update last night or yesterday. Today my internet and routing works fine on 15.2, but a locally installed named (bind) does not resolve anything any more.
I actually use it only in a very simple way, no zones defined or anything, just a kind of cache or resolver that talks to the root nameservers and going down the tree of nameservers to look up dns entries.
journalctl -u named.service
constantly shows messages about no valid RRSIG ... no valid signature found.
I can not nslookup anything using this bind on 127.0.0.1 I suppose this has something got to do with DNSSEC or such stuff? how come a simple security update or patch suddenly activates such a harsh feature midstream in 15.2? or are some root anchors or whatever such stuff missing from the opensuse leap 15.2 update/patch package missing or something?
I can nslookup fine using the ip address of my local broadband router of the ISP i use or with the help of outside resolvers/forwarders e.g. dns.google. or such services in the public.
any quick remedy? thanks lots.
We updated bind as we had a lot of requests for a modern version. :/
The last bind update currently enforces DNSSEC usage.
try in.
/etc/named.conf
dnssec-enable no;
Ciao, Marcus
I don't think that dnssec-enable works anymore. This works for me on my Ubuntu 20.04 server /etc/bind/named.conf.options dnssec-validation no; Mark -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org