Fix Bind error (broken trust chain) resolving

August 22, 2012 at 08:21 PM | categories: Tips, RHEL, Centos, DNS, Linux

This BIND (named) issue causes queries to fail and messages such as the following to be logged:

error (no valid KEY) resolving 'dlv.isc.org/DNSKEY/IN': 156.154.101.23#53
error (broken trust chain) resolving './NS/IN': 193.0.14.129#53

The issue is caused by the date on the system falling out of sync, which causes DLV validation to fail.

This issue can be fixed by running the following on CentOS / RHEL:

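# Set the system clock from the NTP Pool (the pool hostname is pool.ntp.org)
ntpdate pool.ntp.org
# Write the corrected system time to the hardware clock so it survives a reboot
hwclock --systohc
# Delete named's stored managed-keys state, then restart named
rm /var/named/dynamic/managed-keys.bind*
service named restart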

Name resolution should now work without any issues.
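
Why a wrong clock breaks validation, as an added example that is not part of the original post: every DNSSEC signature (RRSIG) carries an inception and an expiration time, and a validator rejects it when its own clock falls outside that window. The function name and the sample record below are constructed for illustration; on a live system the record would come from `dig +dnssec`.

```shell
#!/bin/sh
# Added example: classify a clock reading against the validity window of an
# RRSIG record given in dig's presentation format.

# Constructed sample record (not captured from a real server).
SAMPLE_RRSIG='. 172800 IN RRSIG DNSKEY 8 0 172800 20120905235959 20120822000000 19036 . CONSTRUCTEDSIGNATURE=='

# rrsig_window_status NOW RRSIG_LINE
#   NOW is a UTC time as YYYYMMDDHHMMSS, e.g. "$(date -u +%Y%m%d%H%M%S)".
#   Prints one of: valid | not-yet-valid | expired | unparsable
rrsig_window_status() {
    printf '%s\n' "$2" | awk -v now="$1" '
        # A timestamp is exactly 14 decimal digits.
        function ts(s) { return (length(s) == 14 && s ~ /^[0-9]+$/) }
        # Field 9 is the expiration, field 10 the inception (expiration first).
        $4 != "RRSIG" || !ts($9) || !ts($10) || !ts(now) { print "unparsable"; exit }
        now + 0 < $10 + 0 { print "not-yet-valid"; exit }
        now + 0 > $9 + 0  { print "expired"; exit }
        { print "valid"; exit }
    '
}

# Three clock readings against the same signature: a correct clock, a clock
# that has fallen back to the year 2000, and a clock running months ahead.
for clock in 20120823120000 20000101000000 20130101000000; do
    printf '%s -> %s\n' "$clock" "$(rrsig_window_status "$clock" "$SAMPLE_RRSIG")"
done
```

Any result other than `valid` for the current UTC time means the resolver will refuse that signature, which is why the clock is corrected before named is restarted.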

