DNSSEC error resolving gpo.gov ?
Tim Maestas
tmaestas95 at gmail.com
Wed Mar 15 00:14:11 UTC 2023
On Tue, Mar 14, 2023 at 4:34 PM Mark Andrews <marka at isc.org> wrote:
>
>
> > On 15 Mar 2023, at 02:08, Alexandra Yang <drayales at gmail.com> wrote:
> >
> > Hi Group,
> >
> > I wonder if anyone can shed some light on this, our nameserver(BIND
> 9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov, here
> are the errors:
> >
> > Mar 14 10:23:32 ipam-dns-in-1 named[3713]: validating gpo.gov/SOA:
> got insecure response; parent indicates it should be secure
>
> For some reason you are not getting signed responses. Are you using a
> forwarder?
>
> For what it's worth, I keep getting:
Mar 14 23:59:56 cl-dns1 named[19640]: view Caching: validating
federalregister.gov/SOA: got insecure response; parent indicates it should
be secure
Mar 14 23:59:56 cl-dns1 named[19640]: no valid RRSIG resolving '
www.federalregister.gov/DS/IN': 162.140.254.200#53
Mar 14 23:59:56 cl-dns1 named[19640]: view Caching: validating
federalregister.gov/SOA: got insecure response; parent indicates it should
be secure
Mar 14 23:59:56 cl-dns1 named[19640]: no valid RRSIG resolving '
www.federalregister.gov/DS/IN': 162.140.15.100#53
Mar 14 23:59:56 cl-dns1 named[19640]: broken trust chain resolving '
www.federalregister.gov/A/IN': 162.140.15.100#53
..no forwarders in use. At some point the domain starts to validate as my
NTAs drop out unless I use -force, but then it starts to fail again.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230314/4141817f/attachment.htm>
More information about the bind-users
mailing list