On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz <r...@htt-consult.com> wrote:

> Yes, I know lots of places don't have DNSSEC signed zones. **I** have not
> done mine yet, but I turned on DNSSEC checking on my server and I am
> getting all too many messages like:
>
> validating @0xb4247b50: 117.in-addr.arpa NSEC: no valid signature
> found: 1 Time(s)
> validating @0xb4247b50: 117.in-addr.arpa SOA: no valid signature
> found: 1 Time(s)
>

Yes, but 117.in-addr.arpa *is* signed [1], so if you're not getting signatures, that's problematic.

> How can I stop the logging of only " no valid signature found"? So I can
> watch for more meaningful events and not so quickly grow /var/log/messages?
>

Logging can be tuned on a per-category (e.g., DNSSEC) basis, including the location to which log messages are sent (e.g., file, syslog, etc.). See the section on logging in the BIND 9 Configuration Reference for more information on how to do this [2].

Casey

[1] http://dnsviz.net/d/117.in-addr.arpa/USuy_w/dnssec/
[2] http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html
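
The per-category tuning described in the reply above, as an added example that is not part of the original thread: a `logging` block for named.conf that sends the `dnssec` category to its own size-limited file, so the validation messages stay available for review without growing /var/log/messages. The channel name, file path and rotation limits are assumptions.

```conf
// Added example: route DNSSEC validation messages to a dedicated file.
// Channel name, path and limits below are assumed values; adjust to the host.
logging {
    channel dnssec_log {
        // Keep at most 5 rotated files of 10 MB each (assumed limits).
        file "/var/log/named/dnssec.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Listing a channel here replaces the default destinations for this
    // category, so these messages no longer reach syslog.
    category dnssec { dnssec_log; };
};
```

Channels select messages by category and severity, not by message text, so this moves every `dnssec` message rather than only the "no valid signature found" lines. The target directory must exist and be writable by the user named runs as.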