error (insecurity proof failed) resolving './DS/IN'

Brian J. Murrell Mon, 23 Mar 2015 05:20:59 -0700

Trying to follow an example I found of manually verifying a name's
DNSSEC records I did the following:


# dig . DNSKEY | grep -Ev '^($|;)' > root.keys
# dig +sigchase +trusted-key=./root.keys www.eurid.eu. A

That resulted in some errors but more importantly the following in my
syslog:

Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.33.4.12#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.203.230.10#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.58.128.30#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.112.36.4#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.228.79.201#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 193.0.14.129#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.5.5.241#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:503:ba3e::2:30#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 128.63.2.53#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 192.36.148.17#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:500:3::42#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:dc3::35#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:503:c27::2:30#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:7fd::1#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:500:2f::f#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 198.41.0.4#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:500:1::803f:235#53
Mar 23 08:11:18 linux named[19256]: error (insecurity proof failed) resolving 
'./DS/IN': 2001:500:84::b#53

I'm really not sure why though.

I'm using

BIND 9.8.1-P1

built with '--prefix=/usr' '--mandir=/usr/share/man' 
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' 
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' 
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' 
'--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE 
-O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 
'CPPFLAGS=-D_FORTIFY_SOURCE=2'

Any ideas on what this is or what more information I can provide to help
chase it down?

Cheers,
b.

signature.asc
Description: This is a digitally signed message part

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

error (insecurity proof failed) resolving './DS/IN'

Reply via email to