Finding dnssec validation failures in the logs
John Thurston
john.thurston at alaska.gov
Tue Jan 24 00:44:46 UTC 2023
On a resolver running ISC BIND 9.16.36 with "dnssec-validation auto;" I
am writing "category dnssec" to a log file at "severity info;". When I
look in the resulting log file, I'm guessing that lines like this:

    validating com/SOA: got insecure response; parent indicates it should be secure

are an indication I have a problem I should investigate.

My question is: Are there other strings I should be reacting to in that log?

I interpret the many lines like this:

    validating wunderkind.co/SOA: no valid signature found

to mean "We looked for signing information for wunderkind.co and found
none. That's cool, we didn't expect them to be."

--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
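
Added example, not part of the original post and not ISC code: one way to see which distinct validator messages a "category dnssec" log contains, and for which names, with the "got insecure response" string from the post sorted to the top. The sample lines are constructed from the two messages quoted above; the timestamp/category prefix on the first one and the name example.test are assumptions.

```python
import re
from collections import defaultdict

# Matches the "validating <name>/<type>: <message>" part of a dnssec-category
# log line. Anything before "validating" (timestamp, category, view) is ignored.
VALIDATING = re.compile(
    r"validating (?P<name>\S+)/(?P<rtype>[A-Za-z0-9-]+): (?P<msg>.+)$")

# The one message the post singles out as worth investigating.
INVESTIGATE = "got insecure response; parent indicates it should be secure"

# Constructed sample input. The prefix on the first line is an assumed
# channel format; the other lines are bare, as quoted in the post.
SAMPLE = [
    "24-Jan-2023 00:44:46.000 dnssec: info: validating com/SOA: " + INVESTIGATE,
    "validating wunderkind.co/SOA: no valid signature found",
    "validating wunderkind.co/SOA: no valid signature found",
    "validating example.test/A: no valid signature found",
]

def summarize(lines):
    """Map each distinct validator message to the set of name/TYPE it hit."""
    seen = defaultdict(set)
    for line in lines:
        m = VALIDATING.search(line.rstrip())
        if m:
            seen[m["msg"]].add(f'{m["name"]}/{m["rtype"]}')
    return dict(seen)

def report(summary):
    """One line per distinct message; the flagged message sorts first."""
    out = []
    ordered = sorted(summary.items(), key=lambda kv: (kv[0] != INVESTIGATE, kv[0]))
    for msg, names in ordered:
        # "review" means unclassified here, not "safe to ignore".
        tag = "INVESTIGATE" if msg == INVESTIGATE else "review"
        out.append(f"[{tag}] {msg} ({len(names)} names): {', '.join(sorted(names))}")
    return out

if __name__ == "__main__":
    for entry in report(summarize(SAMPLE)):
        print(entry)
```

Run against a real log by passing an open file object to summarize(); every message string that shows up under "review" is one to look up before deciding whether to alert on it.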