Finally I caught one query/server that produces the . SOA: got insecure
response; parent indicates it should be secure log each time:
dig @ns ladeco.com. MX does this every time, where ns runs bind
9.7.1-P2, with only the root TA configured.
The server serving that domain returns not exactly
@0x134fe7e8: . SOA:
got insecure response; parent indicates it should be secure
I've seen this for various top-level domains for which I have trust
anchors configure as well. I could never track this down either, but I
suspect it has nothing to do with the authoritative servers.
--
Alex
Named
Mark,
Named has to deal with multually incompatible senarios. DNSSEC
which requires EDNS and nameservers and firewalls which drop EDNS
requests so named has to turn off EDNS to get answers back.
Occasionally a set of answers will take too long to get back to
named or are lost due to network
08:52:27.929 dnssec: info: validating @0x134fe7e8: . SOA:
got insecure response; parent indicates it should be secure
Otherwise validation just works fine and mostly I see these:
validating @0x134fe7e8: . SOA: marking as secure, noqname proof not needed
Following an earlier comment on this list
:27.929 dnssec: debug 3: validating @0x134fe7e8: .
SOA: insecurity proof failed
21-Jul-2010 08:52:27.929 dnssec: info: validating @0x134fe7e8: . SOA:
got insecure response; parent indicates it should be secure
I've seen this for various top-level domains for which I have trust
anchors configure
5 matches
Mail list logo