9.6.1-P1 log message
Jeremy C. Reed
jreed at isc.org
Tue Aug 25 15:58:54 UTC 2009
On Tue, 25 Aug 2009, David Forrest wrote:
> What do I have to do to correct whatever is causing this log message from
> named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
>
> validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
> secure failure
May need more context for this (like higher debug level for DNSSEC
category). (I have patches for improving the DNSSEC logging which are
planned for upcoming BIND release.)
This may be:
"must be secure failure, no DS and this is a delegation"
"must be secure failure, key is insecure, so mark the data as insecure
also."
"must be secure failure, no supported algorithm/digest (dlv)"
"must be secure failure (DS)"
"must be secure failure, no supported algorithm/digest (DS)"
"must be secure failure, DLV lookup from a DLV subdomain"
"must be secure failure, DLV lookup from a DLV subdomain?"
"must be secure failure, not beneath secure root"
"must be secure failure at '%s', can't fall back to DLV"
"must be secure failure, no DS at zone cut (zone)"
"must be secure failure, is a delegation but no DS at zone cut (cache)"
"must be secure failure, no supported algorithm/digest (%s/DS)"
Sorry this probably doesn't help much.
More information about the bind-users
mailing list