[OpenIndiana-discuss] Recent problem with DNS resolution (DNSSEC/NTP)

[russell]

Hi,

I tried using OpenIndiana today and found that I could not resolve 
internet addresses using DNS using my local DNS server. Investigating 
using dig I found that I could perform any internet resolution so using 
dig @8.8.8.8 ftp.internic.net and resolve the IP address correctly, 
however if I performed a dig @8.8.8.8 ftp.internic.net +trace then dig 
would core dump!

Checking the bind logs I found the details below, eventually I realised 
that the time was wrong from the logs it should have been 21-April-2012.

19-Apr-2012 16:15:16.151 dnssec: info:       validating @894bea0: org 
DNSKEY: bad cache hit (org/DS)
19-Apr-2012 16:15:16.151 lame-servers: info: broken trust chain 
resolving 'versioncheck.addons.mozilla.org/A/IN': 63.245.212.5#53
19-Apr-2012 16:15:16.152 queries: info: client 192.168.2.110#62769: 
query: versioncheck.addons.mozilla.org IN A +
19-Apr-2012 16:15:16.200 dnssec: info:       validating @894bea0: org 
DNSKEY: bad cache hit (org/DS)
19-Apr-2012 16:15:16.200 lame-servers: info: broken trust chain 
resolving 'versioncheck.addons.mozilla.org/A/IN': 63.245.212.5#53
19-Apr-2012 16:15:16.201 queries: info: client 127.0.0.1#51772: query: 
versioncheck.addons.mozilla.org.newlife.local IN A +


So after correcting the date and time on my computer, DNS resolution 
started working and then the NTP servers could be resolved correctly. I 
will make sure that I put at least two IP addresses in the NTP 
configuration as I previously used only FDQNs. However this raises the 
question why did OpenIndiana not use the internal system clock to set 
the date and time correctly?