This a report of a problem I solved but I feel the solution could be useful to other.
The problem appeared on a Raspbian 9.13. For some - probably hardware - reasons still to be discovered, my Raspberry pi-based router crashed and could not restart. I found it stuck on the raibow like image displayed when the Pi is just powered up.
Anyway, I restarted the Pi and everything worked as usual.
The only thing that did not work was Bind 9. The daemon was running but names resolution did not work.
I had a look at the following help : https://dnsinstitute.com/documentation/dnssec-guide/ch05s04.html because I found weird logs in /var/log/named/dnssec.log :
validating ./NS: verify failed due to bad signature (keyid=60955): RRSIG validity period has not begun
One possible solution I found was that, indeed, the time was not right : The pi displayed a time a good five hours in the past. Which explained why it found RRSIG validity in the future.
Thing is: it could not set its time right because it could not resolve the NTP servers name. Because name resolution did not work at all, because the time was not right.
Asked by David Verdin
(213 rep)
Jun 23, 2023, 09:17 AM
Last activity: Jun 25, 2023, 02:50 PM
Last activity: Jun 25, 2023, 02:50 PM