View Issue Details

ID: 0005819
Project: CentOS-6
Category: bind
View Status: public
Last Update: 2012-07-17 14:48
Status: new
Resolution: open
Platform: x64
OS: Linux
OS Version: 3.4.4
Product Version: 6.2
Target Version:
Fixed in Version:
Summary: 0005819: dnssec stopped working after named upgrade

Description:
(6.3 in product version missing)

dnssec stopped working after named upgrade from 6.2 -> 6.3 on two servers.
I can't figure out why. I have my named chrooted.

Also an error is displayed when named is started:

# /etc/init.d/named start
ls: cannot access /var/named/chroot/etc/named: No such file or directory
mount: mount point /var/named/chroot/etc/named does not exist
Starting named: [ OK ]

As a workaround, to be able to resolve anything at all, I have turned off
dnssec. It's not just dnssec-enabled zones that I can't resolve, it's EVERYTHING.
Just gets SERVFAIL.

Steps To Reproduce: Update from 6.2 to 6.3

Tags: No tags attached.




2012-07-11 11:42

reporter   ~0015401

Got dnssec to work if I changed from
        bindkeys-file "/etc/named.root.key";
to
        bindkeys-file "/etc/named.iscdlv.key";

However, the error when starting named is still there.
named works however.


2012-07-11 19:10

reporter   ~0015409

bah, it stopped working after the virt was suspended and enabled again.

Jul 11 20:27:28 gotcha named[11678]: error (must-be-secure) resolving '': 2001:500:2c::254#53
Jul 11 20:27:28 gotcha named[11678]: validating @0x7f9a3c015990: DNSKEY: must be secure failure, . is under DLV (startfinddlvsep)

I have disabled dnssec again.


2012-07-17 14:48

reporter   ~0015478

An interesting note: Exactly this problem with dnssec happened for another person that used bind 9.8.1-P1 (ubuntu 12.04). I guess something in bind is BROKEN.

Issue History

Date Modified Username Field Change
2012-07-11 11:34 iocc New Issue
2012-07-11 11:42 iocc Note Added: 0015401
2012-07-11 19:10 iocc Note Added: 0015409
2012-07-17 14:48 iocc Note Added: 0015478