Hello!
Bind version: 9.16.19-1+ubuntu18.04.1+isc+1
Recently I discovered these logs:
09:13:12 named[3234]: _default: sending trust-anchor-telemetry query
'_ta-0000/NULL'
09:13:12 named[3234]: validating ./NSEC: no valid signature found
09:13:12 named[3234]: validating ./SOA: no valid signature found
09:13:12 named[3234]: validating ./NSEC: no valid signature found
09:13:12 named[3234]: validating ./SOA: no valid signature found
09:13:12 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN':
2001:503:ba3e::2:30#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:dc3::35#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:7fe::53#53
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN':
2001:500:1::53#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN':
2001:500:9f::42#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
...
The config of the name server is authoritative-only, hence:
allow-recursion {
none;
};
May it be, that due to disabled recursion, these trust-anchor queries are
failing? Or what might be other reasons?
Thanks
Klaus
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
