Finally I caught one query/server that produces the ". SOA: got insecure
response; parent indicates it should be secure" log each time:
"dig @ns ladeco.com. MX" does this every time, where ns runs bind
9.7.1-P2, with only the root TA configured.
The server serving tha
Mark,
> Named has to deal with multually incompatible senarios. DNSSEC
> which requires EDNS and nameservers and firewalls which drop EDNS
> requests so named has to turn off EDNS to get answers back.
> Occasionally a set of answers will take too long to get back to
> named or are lost due to net
security proof failed
>> > 21-Jul-2010 08:52:27.929 dnssec: info: validating @0x134fe7e8: . SOA:
>> > got insecure response; parent indicates it should be secure
>>
>> I've seen this for various top-level domains for which I have trust
>> an
27.929 dnssec: debug 3: validating @0x134fe7e8: .
> > SOA: attempting insecurity proof
> > 21-Jul-2010 08:52:27.929 dnssec: debug 3: validating @0x134fe7e8: .
> > SOA: insecurity proof failed
> > 21-Jul-2010 08:52:27.929 dnssec: info: validating @0x134fe7e8: . SOA:
>
dnssec: debug 3: validating @0x134fe7e8: .
> SOA: insecurity proof failed
> 21-Jul-2010 08:52:27.929 dnssec: info: validating @0x134fe7e8: . SOA:
> got insecure response; parent indicates it should be secure
I've seen this for various top-level domains for which I have trust
ancho
08:52:27.929 dnssec: info: validating @0x134fe7e8: . SOA:
got insecure response; parent indicates it should be secure
Otherwise validation just works fine and mostly I see these:
validating @0x134fe7e8: . SOA: marking as secure, noqname proof not needed
Following an earlier comment on this list
6 matches
Mail list logo
