Unusual DNSSEC errors involving g.gtld-servers.net

Rob Leslie rob at mars.org
Tue Feb 28 23:54:43 UTC 2012

Hello all,

Recently I’ve started getting numerous errors in my logs of the form:

Feb 24 15:12:50 server named[3511]:   validating @0xb8976b78: com SOA: got insecure response; parent indicates it should be secure
Feb 24 15:12:50 server named[3511]: error (no valid RRSIG) resolving 'google.com/DS/IN':

These errors have occurred while attempting to resolve many different domains (always under com or net), have occurred on several independent nameservers, always involve SOA/DS RR types, and always mention (g.gtld-servers.net).

The above date and time appears to be one of the earliest occurrences, but it has been occurring consistently, about a few times per hour, ever since.

I’ve not noticed any problems with DNS resolution, and validation otherwise seems to be working normally.

Can anyone point me in the right direction to help me understand what is causing this?


Rob Leslie
rob at mars.org
