Stop of logging of No Valid Signature Found

Casey Deccio casey at deccio.net
Mon Feb 25 19:00:43 UTC 2013


On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz <rgm at htt-consult.com> wrote:

> Yes, I know lots of places don't have DNSSEC signed zones.  **I** have not
> done mine yet, but I turned on DNSSEC checking on my server and I am
> getting all too many messages like:
>
>       validating @0xb4247b50: 117.in-addr.arpa NSEC: no valid signature found: 1 Time(s)
>       validating @0xb4247b50: 117.in-addr.arpa SOA: no valid signature found: 1 Time(s)
>

Yes, but 117.in-addr.arpa *is* signed [1], so if you're not getting
signatures, that's problematic.


> How can I stop the logging of only "no valid signature found"?  So I can
> watch for more meaningful events and not so quickly grow /var/log/messages?
>

Logging can be tuned on a per-category (e.g., DNSSEC) basis, including the
location to which log messages are sent (e.g., file, syslog, etc.).  See
the section on logging in the BIND 9 Configuration Reference for more
information on how to do this [2].

Casey

[1]  http://dnsviz.net/d/117.in-addr.arpa/USuy_w/dnssec/
[2]  http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html
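
The per-category tuning described in the reply above, as an added example that is not part of the original message or taken from the BIND documentation: a `named.conf` logging stanza that moves the `dnssec` category out of syslog into its own rotated file. The channel name `dnssec_log` and the file path are assumptions.

```conf
// Added example, not from the original message. The channel name
// "dnssec_log" and the file path are assumptions; the directory must
// exist and be writable by the user named runs as.
logging {
    // Dedicated channel: keeps validator messages out of syslog
    // (/var/log/messages) while still retaining them for review.
    channel dnssec_log {
        // Rotate at 10 MB and keep 5 old files so the log cannot grow unbounded.
        file "/var/log/named/dnssec.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Listing channels for a category replaces the default destinations
    // for that category, so these messages no longer reach syslog.
    category dnssec { dnssec_log; };

    // Alternative: discard the whole category with the built-in null
    // channel. This also hides genuine validation failures.
    // category dnssec { null; };
};
```

named selects log messages by category and severity, not by message text, so "no valid signature found" cannot be suppressed on its own without affecting other messages in the same category. Check the edited file with `named-checkconf` before reloading the server.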