Not having dipped my toe into DNSSEC yet (yes, I know, but time is always so scarce)...
So I am seeing a bunch of this sort of thing in my BIND logs now:

04:02:18 named validating @0xb0f58988: 124.in-addr.arpa SOA: no valid signature found
04:02:18 named validating @0xb0f58988: 124.in-addr.arpa NSEC: no valid signature found
04:02:18 named validating @0xb0f58988: 227.124.in-addr.arpa NSEC: no valid signature found
04:03:30 named validating @0xb0f58988: net SOA: no valid signature found
04:03:30 named validating @0xb0f58988: a1rt98bs5qgc9nfi51s9hci47uljg6jh.net NSEC3: no valid signature found
04:03:30 named validating @0xb0f58988: 5VI63OJ105LD6R767I45IDJR5Q55T1R1.net NSEC3: no valid signature found
04:03:30 named validating @0xb0f58988: EEE0K4ONQCCHCJQTQ5VJD52NKJTEHAJN.net NSEC3: no valid signature found
04:03:30 named validating @0xb0f4d8c0: uk SOA: no valid signature found
04:03:30 named validating @0xb21ea7c0: u1fmklfv3rdcnamdc64sekgcdp05bbiu.uk NSEC3: no valid signature found
04:03:30 named validating @0xb0f67990: pl SOA: no valid signature found
04:03:30 named validating @0xb18914a0: RVLFSE0643QVHS3RI8VPKGANFBCJVJ06.pl NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: GSV9U2BOSCL9B9TQAL1UAV4BNVI9EVUE.pl NSEC3: no valid signature found
04:03:31 named validating @0xb21cc520: org SOA: no valid signature found
04:03:31 named validating @0xb18f2c08: org SOA: no valid signature found
04:03:31 named validating @0xb21ea7c0: fk47636n6psb8mv7rdu6tpdhas69cbjp.org NSEC3: no valid signature found
04:03:31 named validating @0xb0fe6528: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f61960: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:03:31 named validating @0xb21cc520: 4rkhv4s4situ82j70sp5tq5utm12o2t8.org NSEC3: no valid signature found
04:03:31 named validating @0xb18f2c08: ic8a82pge1m0qdob5sce1e3613hqr7br.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: org SOA: no valid signature found
04:03:31 named validating @0xb18914a0: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found
04:03:31 named validating @0xb21e1518: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found
04:09:43 named validating @0xb0f58988: 117.in-addr.arpa SOA: no valid signature found
04:09:43 named validating @0xb0f58988: 117.in-addr.arpa NSEC: no valid signature found
04:09:43 named validating @0xb0f58988: 240.117.in-addr.arpa NSEC: no valid signature found
04:13:52 named validating @0xb0f58988: 27.in-addr.arpa SOA: no valid signature found
04:13:52 named validating @0xb0f58988: 22.115.27.in-addr.arpa NSEC: no valid signature found
04:13:52 named validating @0xb0f58988: 99.114.27.in-addr.arpa NSEC: no valid signature found
04:15:16 named validating @0xb0f58988: 117.in-addr.arpa SOA: no valid signature found
04:15:16 named validating @0xb0f58988: 117.in-addr.arpa NSEC: no valid signature found
04:15:16 named validating @0xb0f58988: 99.20.117.in-addr.arpa NSEC: no valid signature found
04:15:48 named validating @0xb0f58988: org SOA: no valid signature found
04:15:48 named validating @0xb0f58988: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:15:48 named validating @0xb0f58988: osfek8jf3dv7trcfcuheumjh9bpmjkeq.org NSEC3: no valid signature found
04:15:48 named validating @0xb0f58988: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found

And am wondering what they are really telling me. Are they all different flavours of "zone is not signed" or are they more like "zone is supposed to be signed but there are problems with it"?

Cheers,
b.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
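A way to triage validator messages like the ones in the post above, as an added example that is not part of the original message or of BIND: it groups each line by the zone it belongs to and by record type, so the affected zones stand out from the per-query noise. It assumes the line format shown in the excerpt; the function names are hypothetical, and zone attribution is a heuristic (an SOA owner is a zone apex, an NSEC3 owner is a hash label followed by the zone name, and an NSEC owner is matched to the longest SOA owner seen in the same log).

```python
import re
from collections import Counter, defaultdict

# Sample input: lines taken from the log excerpt in the post (hash labels lower-cased).
SAMPLE = """\
04:02:18 named validating @0xb0f58988: 124.in-addr.arpa SOA: no valid signature found
04:02:18 named validating @0xb0f58988: 124.in-addr.arpa NSEC: no valid signature found
04:02:18 named validating @0xb0f58988: 227.124.in-addr.arpa NSEC: no valid signature found
04:03:30 named validating @0xb0f58988: net SOA: no valid signature found
04:03:30 named validating @0xb0f58988: a1rt98bs5qgc9nfi51s9hci47uljg6jh.net NSEC3: no valid signature found
04:03:31 named validating @0xb21ea7c0: fk47636n6psb8mv7rdu6tpdhas69cbjp.org NSEC3: no valid signature found
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d named validating @0x[0-9a-f]+: "
                  r"(?P<owner>\S+) (?P<rtype>[A-Z0-9]+): (?P<msg>.+)$")

def parse(text):
    """Yield (owner, rtype, msg) for each validator line; skip anything else."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m["owner"].lower().rstrip("."), m["rtype"], m["msg"]

def zone_of(owner, rtype, apexes):
    """Best-effort zone attribution using only what the log contains."""
    if rtype == "SOA":
        return owner                        # SOA owner is the zone apex
    if rtype == "NSEC3":
        return owner.partition(".")[2]      # NSEC3 owner is <hash>.<zone>
    # NSEC and anything else: longest SOA owner in this log that is a suffix
    labels = owner.split(".")
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if cand in apexes:
            return cand
    return owner + " (zone unknown)"

def summarize(text):
    records = list(parse(text))
    apexes = {owner for owner, rtype, _ in records if rtype == "SOA"}
    summary = defaultdict(Counter)
    for owner, rtype, msg in records:
        summary[zone_of(owner, rtype, apexes)][(rtype, msg)] += 1
    return summary

if __name__ == "__main__":
    for zone, counts in sorted(summarize(SAMPLE).items()):
        for (rtype, msg), n in sorted(counts.items()):
            print(f"{zone:20} {rtype:6} {n:3}  {msg}")
```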