thanks- we're running 9.14.8, courtesy of the isc ubuntu ppa [https://launchpad.net/~isc]:
>named -v BIND 9.14.8-Ubuntu (Stable Release) <id:5d87f66> >dpkg -s bind9 Package: bind9 Status: install ok installed Priority: optional Section: net Installed-Size: 872 Maintainer: Debian DNS Team <team+...@tracker.debian.org> Architecture: amd64 Version: 1:9.14.8-1+ubuntu19.10.1+isc+1 Replaces: bind (<< 1:9.13.6~) [...] Homepage: https://www.isc.org/downloads/bind/ does that mean in theory the version we're running would be new enough we shouldn't be seeing that particular symptom? thanks > On Apr 17, 2020, at 19.01, Mark Andrews <ma...@isc.org> wrote: > > They are almost certainly the result of running an older version of named and > packet loss > causing named to fallback to plain DNS which doesn’t return DNSSEC records. > Newer versions > of named don’t fallback to plain DNS on packet loss. > > 5029. [func] Workarounds for servers that misbehave when queried > with EDNS have been removed, because these broken > servers and the workarounds for their noncompliance > cause unnecessary delays, increase code complexity, > and prevent deployment of new DNS features. See > https://dnsflagday.net for further details. [GL #150] > > BIND 9.14.0 is the first non development version with this behaviour. > > Mark > >> On 18 Apr 2020, at 01:24, btb via bind-users <bind-users@lists.isc.org> >> wrote: >> >> hi- >> >> i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid >> RRSIG resolving ..." messages in the logs [on average ~500 messages per >> day]. a small snippet: >> >> 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving >> 'jwplayer.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving >> 'tranet.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving >> 'inboxsdk.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving >> 'basis.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving >> 'starfinancial.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving >> 'vice.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving >> 'lithium.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving >> 'sc-static.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving >> 'snapchat.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving >> 'yimg.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving >> 'transamerica.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving >> 'quantummetric.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving >> 'tealiumiq.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving >> 'bounceexchange.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving >> 'mwefinancial.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving >> 'redditmedia.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving >> 'imtwjwoasak.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving >> 'b.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving >> 'jquery.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving >> 'forter.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving >> 'quovadisoffshore.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving >> 'quovadisglobal.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving >> 'mixpanel.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving >> 'spotify.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving >> 'freeform.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving >> 'edgedatg.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving >> 'footprintdns.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving >> 'qualifiedaddress.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving >> 'dc-msedge.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving >> 'facebook.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving >> 'pphosted.com/DS/IN': 192.5.6.30#53 >> >> a number of these [most?] are zones that are signed, and some don't even >> exist, so i'm curious about seeing these messages. what am i not >> understanding, and/or what can i do to troubleshoot further? >> >> thanks! _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
