Troubleshooting

bind fails to start symptom bind exits immediately or logs errors about configuration solutions check configuration syntax /usr/local/sbin/named checkconf /usr/local/etc/named conf verify zone file syntax /usr/local/sbin/named checkzone unicom com /var/named/unicom com db signed review bind logs tail f /var/log/named/default log zone signing fails symptom dnssec signzone returns errors about missing keys or hsm access solutions verify pkcs#11 environment variables are set correctly echo $pkcs11 module echo $pkcs11 pin confirm keys exist on the hsm pkcs11 tool module /usr/local/lib/fxpkcs11/libfxpkcs11 so o check key file permissions in /usr/local/etc/keys/unicom com ls la /usr/local/etc/keys/unicom com dnssec validation fails symptom dig queries return servfail or lack rrsig records solutions verify zone is signed grep rrsig /var/named/unicom com db signed confirm bind is serving the signed zone file (check named conf) verify ds records are published in parent zone dig unicom com ds +trace