From SpectLog
Jump to: navigation, search

Default BIND installation on CentOS could not resolve some known hostnames. However, it did work for most of the other sites. The configuration used forwarding which resulted in the error (/var/log/messages) similar to this:

Dec 14 12:21:33 master named[4280]: error (no valid RRSIG) resolving 'example.com/DS/IN': 192.168.122.1#53
Dec 14 12:21:33 master named[4280]: error (no valid DS) resolving 'example.com/A/IN': 192.168.122.1#53

The problem was enabled DNSSEC on the local BIND server. It refused to return non-validated answers. In order to switch it off, modify /etc/named.conf to use these lines:

dnssec-enable no;
dnssec-validation no;