Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

BIND fails to start

Symptom: BIND exits immediately or logs errors about configuration. Solutions:
  1. Check configuration syntax: /usr/local/sbin/named-checkconf /usr/local/etc/named.conf
  2. Verify zone file syntax: /usr/local/sbin/named-checkzone unicom.com /var/named/unicom.com.db.signed
  3. Review BIND logs: tail -f /var/log/named/default.log

Zone signing fails

Symptom: dnssec-signzone returns errors about missing keys or HSM access. Solutions:
  1. Verify PKCS#11 environment variables are set correctly: echo PKCS11_MODULEechoPKCS11\_MODULE echo PKCS11_PIN
  2. Confirm keys exist on the HSM: pkcs11-tool —module /usr/local/lib/fxpkcs11/libfxpkcs11.so -O
  3. Check key file permissions in /usr/local/etc/keys/unicom.com: ls -la /usr/local/etc/keys/unicom.com

DNSSEC validation fails

Symptom: dig queries return SERVFAIL or lack RRSIG records. Solutions:
  1. Verify zone is signed: grep RRSIG /var/named/unicom.com.db.signed
  2. Confirm BIND is serving the signed zone file (check named.conf)
  3. Verify DS records are published in parent zone: dig unicom.com DS +trace