I recently upgraded my Fedora 10 server to Fedora 11 and am getting the following error in my DNS/named config.

named[27685]: not insecure resolving 'fedoraproject.org/A/IN: 212.104.130.65#53

This only shows for certain addresses some are resolved fine and I can ping and browse to them fine, while others produce the error above.

This is my named.conf file

acl trusted-servers { 192.168.1.10;  };

options {
directory "/var/named";
forwarders {212.104.130.9 ; 212.104.130.65; };
forward only; 

    allow-transfer {
        127.0.0.1;
};
#   dnssec-enable yes;
#   dnssec-validation yes;
#   dnssec-lookaside . trust-anchor dlv.isc.org.;



};




# Forward Zone for hughes.lan domain
zone "funkygoth" IN {
        type master;
        file "funkygoth.zone";
allow-transfer { trusted-servers; };
};

# Reverse Zone for hughes.lan domain
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.zone";
};

include "/etc/named.dnssec.keys";
include "/etc/pki/dnssec-keys/dlv/dlv.isc.org.conf";
include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

Anyone know what I have set wrong here?


Solution 1:

Looks like a DNSSEC problem but is commented in your config file. You need to check if is enabled for Bind:

dnssec-configure -s -b

DNSSEC has been included in Fedora 11: http://fedoraproject.org/wiki/Features/DNSSEC