in-addr.arpa insecure?
Tony Finch
dot at dotat.at
Fri Mar 1 13:57:16 UTC 2013
Robert Moskowitz <rgm at htt-consult.com> wrote:
> I got tipped off about this from logwatch report. On my public DNS server had
> the following:
>
> Feb 26 04:02:04 onlo named[19336]: validating @0xb2929ee0: in-addr.arpa SOA:
> got insecure response; parent indicates it should be secure
Looks like something in your setup is dropping RRSIGs, and this is
probably responsible for both your private htt. TLD validation problems
and these in-addr.arpa validation problems. Do you all your servers have
"dnssec-enable yes"? Do you have any non-BIND servers or middleboxes?
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the bind-users
mailing list