Trying to follow an example I found of manually verifying a name's DNSSEC records I did the following:
# dig . DNSKEY | grep -Ev '^($|;)' > root.keys # dig +sigchase +trusted-key=./root.keys www.eurid.eu. A That resulted in some errors but more importantly the following in my syslog: Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.33.4.12#53 Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.203.230.10#53 Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.58.128.30#53 Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.112.36.4#53 Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.228.79.201#53 Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 193.0.14.129#53 Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.5.5.241#53 Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:503:ba3e::2:30#53 Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 128.63.2.53#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.36.148.17#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:3::42#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:dc3::35#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:503:c27::2:30#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:7fd::1#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:2f::f#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 198.41.0.4#53 Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:1::803f:235#53 Mar 23 08:11:18 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:84::b#53 I'm really not sure why though. I'm using BIND 9.8.1-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' Any ideas on what this is or what more information I can provide to help chase it down? Cheers, b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users