I recently upgraded my Fedora 10 server to Fedora 11 and am getting the following error in my DNS/named config.
named[27685]: not insecure resolving 'fedoraproject.org/A/IN: 212.104.130.65#53
This only shows for certain addresses some are resolved fine and I can ping and browse to them fine, while others produce the error above.
This is my named.conf file
acl trusted-servers { 192.168.1.10; };
options {
directory "/var/named";
forwarders {212.104.130.9 ; 212.104.130.65; };
forward only;
allow-transfer {
127.0.0.1;
};
# dnssec-enable yes;
# dnssec-validation yes;
# dnssec-lookaside . trust-anchor dlv.isc.org.;
};
# Forward Zone for hughes.lan domain
zone "funkygoth" IN {
type master;
file "funkygoth.zone";
allow-transfer { trusted-servers; };
};
# Reverse Zone for hughes.lan domain
zone "1.168.192.in-addr.arpa" IN {
type master;
file "1.168.192.zone";
};
include "/etc/named.dnssec.keys";
include "/etc/pki/dnssec-keys/dlv/dlv.isc.org.conf";
include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";
Anyone know what I have set wrong here?
Answer
Looks like a DNSSEC problem but is commented in your config file. You need to check if is enabled for Bind:
dnssec-configure -s -b
DNSSEC has been included in Fedora 11: http://fedoraproject.org/wiki/Features/DNSSEC
No comments:
Post a Comment