They are almost certainly the result of running an older version of named and packet loss causing named to fallback to plain DNS which doesn’t return DNSSEC records. Newer versions of named don’t fallback to plain DNS on packet loss.
5029. [func] Workarounds for servers that misbehave when queried with EDNS have been removed, because these broken servers and the workarounds for their noncompliance cause unnecessary delays, increase code complexity, and prevent deployment of new DNS features. See https://dnsflagday.net for further details. [GL #150] BIND 9.14.0 is the first non development version with this behaviour. Mark > On 18 Apr 2020, at 01:24, btb via bind-users <bind-users@lists.isc.org> wrote: > > hi- > > i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid > RRSIG resolving ..." messages in the logs [on average ~500 messages per day]. > a small snippet: > > 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving > 'jwplayer.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving > 'tranet.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving > 'inboxsdk.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving > 'basis.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving > 'starfinancial.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving > 'vice.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving > 'lithium.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving > 'sc-static.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving > 'snapchat.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving > 'yimg.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving > 'transamerica.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving > 'quantummetric.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving > 'tealiumiq.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving > 'bounceexchange.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving > 'mwefinancial.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving > 'redditmedia.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving > 'imtwjwoasak.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving > 'b.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving > 'jquery.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving > 'forter.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving > 'quovadisoffshore.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving > 'quovadisglobal.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving > 'mixpanel.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving > 'spotify.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving > 'freeform.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving > 'edgedatg.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving > 'footprintdns.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving > 'qualifiedaddress.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving > 'dc-msedge.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving > 'facebook.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving > 'pphosted.com/DS/IN': 192.5.6.30#53 > > a number of these [most?] are zones that are signed, and some don't even > exist, so i'm curious about seeing these messages. what am i not > understanding, and/or what can i do to troubleshoot further? > > thanks! > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users