Robert Moskowitz <r...@htt-consult.com> wrote: > I got tipped off about this from logwatch report. On my public DNS server had > the following: > > Feb 26 04:02:04 onlo named[19336]: validating @0xb2929ee0: in-addr.arpa SOA: > got insecure response; parent indicates it should be secure
Looks like something in your setup is dropping RRSIGs, and this is probably responsible for both your private htt. TLD validation problems and these in-addr.arpa validation problems. Do you all your servers have "dnssec-enable yes"? Do you have any non-BIND servers or middleboxes? Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
