apt-get 更新中に信頼チェーンが壊れる

tag-icon tag-icon ubuntu apt-get
apt-get 更新中に信頼チェーンが壊れる

今朝、サーバーを再起動したのですが、次の作業中に問題が見つかりましたapt-get update:

Err:1 http://hwraid.le-vert.net/ubuntu xenial InRelease
  Could not resolve 'hwraid.le-vert.net'
Err:2 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease                                        
  Could not resolve 'ppa.launchpad.net'
Err:3 http://us.archive.ubuntu.com/ubuntu xenial InRelease                                                    
  Could not resolve 'us.archive.ubuntu.com'
Err:4 http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease           
  Could not resolve 'ppa.launchpad.net'
Err:5 http://security.ubuntu.com/ubuntu xenial-security InRelease      
  Could not resolve 'security.ubuntu.com'
Err:6 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease     
  Could not resolve 'us.archive.ubuntu.com'
Err:7 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
  Could not resolve 'us.archive.ubuntu.com'
Err:8 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 InRelease
  Could not resolve 'repo.mongodb.org'
Err:9 https://download.docker.com/linux/ubuntu xenial InRelease
  Could not resolve host: download.docker.com
Err:10 https://deb.nodesource.com/node_8.x xenial InRelease
  Could not resolve host: deb.nodesource.com
Reading package lists... Done
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial/InRelease  Could not resolve 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease  Could not resolve 'us.archive.ubuntu.com'
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease  Could not resolve 'us.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  Could not resolve 'security.ubuntu.com'
W: Failed to fetch https://download.docker.com/linux/ubuntu/dists/xenial/InRelease  Could not resolve host: download.docker.com
W: Failed to fetch http://hwraid.le-vert.net/ubuntu/dists/xenial/InRelease  Could not resolve 'hwraid.le-vert.net'
W: Failed to fetch http://ppa.launchpad.net/certbot/certbot/ubuntu/dists/xenial/InRelease  Could not resolve 'ppa.launchpad.net'
W: Failed to fetch http://repo.mongodb.org/apt/ubuntu/dists/xenial/mongodb-org/3.2/InRelease  Could not resolve 'repo.mongodb.org'
W: Failed to fetch https://deb.nodesource.com/node_8.x/dists/xenial/InRelease  Could not resolve host: deb.nodesource.com
W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/xenial/InRelease  Could not resolve 'ppa.launchpad.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.

これは大した問題ではありません。一般的な問題と修正方法はわかっておりapt、いくつか試してみましたが、トラブルシューティング中に興味深いことに遭遇しました。更新を実行するたびに、syslog次のメッセージが表示されます。

Dec 10 09:11:37 magic named[2715]: validating _http._tcp.us.archive.ubuntu.com/SRV: bad cache hit (com/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving '_http._tcp.us.archive.ubuntu.com/SRV/IN': 10.0.2.1#53
Dec 10 09:11:37 magic named[2715]: validating _http._tcp.repo.mongodb.org/SRV: bad cache hit (org/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving '_http._tcp.repo.mongodb.org/SRV/IN': 10.0.2.1#53
Dec 10 09:11:37 magic named[2715]: validating _http._tcp.ppa.launchpad.net/SRV: bad cache hit (net/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving '_http._tcp.ppa.launchpad.net/SRV/IN': 10.0.2.1#53
Dec 10 09:11:37 magic named[2715]: validating _http._tcp.hwraid.le-vert.net/SRV: bad cache hit (net/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving '_http._tcp.hwraid.le-vert.net/SRV/IN': 10.0.2.1#53
Dec 10 09:11:37 magic named[2715]: validating _http._tcp.security.ubuntu.com/SRV: bad cache hit (com/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving '_http._tcp.security.ubuntu.com/SRV/IN': 10.0.2.1#53
Dec 10 09:11:37 magic named[2715]: validating deb.nodesource.com/A: bad cache hit (com/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving 'deb.nodesource.com/A/IN': 10.0.2.1#53
Dec 10 09:11:37 magic named[2715]: validating download.docker.com/CNAME: bad cache hit (com/DS)
Dec 10 09:11:37 magic named[2715]: broken trust chain resolving 'download.docker.com/A/IN': 10.0.2.1#53
...

これが何を意味するのか全く分かりませんし、Google で検索しても今のところ役に立ちません。これはどういう意味ですか、どうすれば正常に修正できますか?

答え1

「解決できませんでした」は、DNS 解決の問題が発生していることを示しており、その結果、信頼チェーンが壊れています。DNS 設定を調べてください。pingドメイン名 (IP アドレスではありません) を簡単に実行すれば、この理論を確認できます。ping us.archive.ubuntu.comたとえば、試してみてください。

関連情報