Bug#693587: bind9: stop resolving

Sun, 21 Jan 2018 00:28:22 -0800 

Control: -1 DNSSEC validation fails on system resume

On Nov 18, Florian Weimer <f...@deneb.enyo.de> wrote:

> Is your system clock correct?
> 
> I wonder if this is a clock issue, or if BIND incorrectly marks the
> DLV servers as dead.
The clock is correct and this is not related to DLV.
Most of the times my laptop resumes some domains fail to resolve.
It is running a full non-forwarding validator.
I think that this started a few months ago.
rndc flush fixes it.

E.g.:

Jan 21 08:45:05 bongo systemd-sleep[32175]: System resumed.
[...]
Jan 21 08:45:11 bongo named[10955]:   validating it/SOA: got insecure response; 
parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: message repeated 10 times: [   validating 
it/SOA: got insecure response; parent indicates it should be secure]
Jan 21 08:45:11 bongo named[10955]:   validating org/SOA: got insecure 
response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]:   validating it/SOA: got insecure response; 
parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: validating attila.bofh.it/AAAA: bad cache 
hit (bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]: validating attila.bofh.it/A: bad cache hit 
(bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]:   validating bofh.it/SOA: bad cache hit 
(bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]:   validating bofh.it/SOA: bad cache hit 
(bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]:   validating org/SOA: got insecure 
response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]:   validating bofh.it/SOA: bad cache hit 
(bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]:   validating bofh.it/SOA: bad cache hit 
(bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]:   validating org/SOA: got insecure 
response; parent indicates it should be secure
Jan 21 08:45:11 bongo named[10955]: message repeated 3 times: [   validating 
org/SOA: got insecure response; parent indicates it should be secure]
Jan 21 08:45:11 bongo named[10955]: validating rss.slashdot.org/CNAME: bad 
cache hit (slashdot.org/DS)
Jan 21 08:45:11 bongo named[10955]: validating rss.slashdot.org/CNAME: bad 
cache hit (slashdot.org/DS)
Jan 21 08:45:11 bongo named[10955]:   validating bofh.it/SOA: bad cache hit 
(bofh.it/DS)
Jan 21 08:45:11 bongo named[10955]:   validating bofh.it/SOA: bad cache hit 
(bofh.it/DS)

> Is it possible that you can share the output of "rndc dumpdb"?
I will try to get on the next time.

-- 
ciao,
Marco

Attachment: signature.asc
Description: PGP signature

Reply via email to