I looked in logs of my resolver in my home network and see a similar message from January 6th:
06-Jan-2023 17:09:23.677 dnssec: info: validating in-addr.arpa/SOA: got insecure response; parent indicates it should be secure I interpret that to mean that someone’s DNS is misconfigured. I guess it could mean someone is trying to serve up wrong answers ... Found many lines of 'no valid signature found’ I think you are probably OK. > On Jan 23, 2023, at 7:44 PM, John Thurston <john.thurs...@alaska.gov> wrote: > > On a resolver running ISC BIND 9.16.36 with "dnssec-validation auto;" I am > writing "category dnssec" to a log file at "severity info;" When I look in > the resulting log file, I'm guessing that lines like this: > validating com/SOA: got insecure response; parent indicates it should be > secure > Are an indication I have a problem I should investigate. > My question is: Are there other strings I should be reacting to in that log? > > I interpret the many lines like this: > validating wunderkind.co/SOA: no valid signature found > to mean "We looked for signing information for wunderkind.co and found none. > That's cool, we didn't expect them to be." > -- > -- > Do things because you should, not just because you can. > > John Thurston 907-465-8591 > john.thurs...@alaska.gov > Department of Administration > State of Alaska > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
