"lame-servers: info: no valid RRSIG resolving ..."

btb btb at bitrate.net
Fri Apr 17 23:10:44 UTC 2020 

thanks-

we're running 9.14.8, courtesy of the isc ubuntu ppa [https://launchpad.net/~isc]:

>named -v
BIND 9.14.8-Ubuntu (Stable Release) <id:5d87f66>

>dpkg -s bind9
Package: bind9
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 872
Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
Architecture: amd64
Version: 1:9.14.8-1+ubuntu19.10.1+isc+1
Replaces: bind (<< 1:9.13.6~)
[...]
Homepage: https://www.isc.org/downloads/bind/

does that mean in theory the version we're running would be new enough we shouldn't be seeing that particular symptom?

thanks

> On Apr 17, 2020, at 19.01, Mark Andrews <marka at isc.org> wrote:
> 
> They are almost certainly the result of running an older version of named and packet loss
> causing named to fallback to plain DNS which doesn’t return DNSSEC records.  Newer versions
> of named don’t fallback to plain DNS on packet loss.
> 
> 5029.   [func]          Workarounds for servers that misbehave when queried
>                        with EDNS have been removed, because these broken
>                        servers and the workarounds for their noncompliance
>                        cause unnecessary delays, increase code complexity,
>                        and prevent deployment of new DNS features. See
>                        https://dnsflagday.net for further details. [GL #150]
> 
> BIND 9.14.0 is the first non development version with this behaviour.
> 
> Mark
> 
>> On 18 Apr 2020, at 01:24, btb via bind-users <bind-users at lists.isc.org> wrote:
>> 
>> hi-
>> 
>> i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid RRSIG resolving ..." messages in the logs [on average ~500 messages per day].  a small snippet:
>> 
>> 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving 'jwplayer.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving 'tranet.net/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving 'inboxsdk.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving 'basis.net/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving 'starfinancial.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving 'vice.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving 'lithium.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving 'sc-static.net/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving 'snapchat.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving 'yimg.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving 'transamerica.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving 'quantummetric.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving 'tealiumiq.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving 'bounceexchange.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving 'mwefinancial.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving 'redditmedia.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving 'imtwjwoasak.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving 'b.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving 'jquery.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving 'forter.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving 'quovadisoffshore.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving 'quovadisglobal.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving 'mixpanel.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving 'spotify.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving 'freeform.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving 'edgedatg.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving 'footprintdns.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving 'qualifiedaddress.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving 'dc-msedge.net/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving 'facebook.com/DS/IN': 192.5.6.30#53
>> 15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving 'pphosted.com/DS/IN': 192.5.6.30#53
>> 
>> a number of these [most?] are zones that are signed, and some don't even exist, so i'm curious about seeing these messages.  what am i not understanding, and/or what can i do to troubleshoot further?
>> 
>> thanks!

More information about the bind-users mailing list