Issue: No DNS lookups for external domains anymore, resolving internal domains works correctly
Error: "(network unreachable) resolving 'dlv.isc.org/DNSKEY/IN"
Solution: check the current date and time on the server and adjust it.
Issue: DNS requests for FQDN's outside of my LAN are not resolved anymore.
Error:
Jun 16 18:41:11 alpedhuez named[13832]: validating @0x7f32c43d00a0: . NS: got insecure response; parent indicates it should be secure
Jun 16 18:41:11 alpedhuez named[13832]: error (insecurity proof failed) resolving './NS/IN': 10.0.1.254#53
Jun 16 18:41:11 alpedhuez named[13832]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for 'dlv.isc.org': success
Jun 16 18:41:11 alpedhuez named[13832]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
Jun 16 18:41:11 alpedhuez named[13832]: /var/named/dynamic/managed-keys.bind.jnl: create: file not found
Jun 16 18:41:11 alpedhuez named[13832]: managed-keys-zone ./IN: keyfetch_done:dns_journal_open -> unexpected error
Jun 16 18:41:11 alpedhuez named[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:11 alpedhuez named[13832]: error (no valid RRSIG) resolving './NS/IN': 192.58.128.30#53
Jun 16 18:41:11 alpedhuez named[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:13 alpedhuez named[13832]: error (no valid RRSIG) resolving './NS/IN': 192.203.230.10#53
Jun 16 18:41:14 alpedhuez named[13832]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
…
Jun 16 18:41:13 alpedhuez named[13832]: validating @0x7f32c43cd070: . NS: no valid signature found
Jun 16 18:41:13 alpedhuez named[13832]: error (no valid RRSIG) resolving './NS/IN': 192.203.230.10#53
Jun 16 18:41:14 alpedhuez named[13832]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Jun 16 18:41:14 alpedhuez named[13832]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
Solution:
I don't konw the solution, but I do know it is related to dnssec. I disabled dnssec in my named.conf as a workaround:
dnssec-validation no;
Maybe someone else can explain this to me?
Before I can help you, What flavor of Linux? Was any files editied in /var/named directory, or /etc/named.conf file?