Hi All,

Part of the reason for submitting 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q2/013026.html 
"[PATCH] dnssec: add hostname info to insecure DS warning” was to easily find 
out what domain was prompting the warning.

Some of my mystery ‘Insecure DS reply’ turns out to be this:

Mon May 13 09:57:27 2019 daemon.warn dnsmasq[20911]: Insecure DS reply received 
for 168.192.in-addr.arpa, check domain configuration and upstream DNS server 
DNSSEC support
Mon May 13 09:57:27 2019 daemon.warn dnsmasq[20911]: Insecure DS reply received 
for 168.192.in-addr.arpa, check domain configuration and upstream DNS server 
DNSSEC support
Mon May 13 09:57:27 2019 daemon.warn dnsmasq[20911]: Insecure DS reply received 
for 168.192.in-addr.arpa, check domain configuration and upstream DNS server 
DNSSEC support
Mon May 13 09:58:57 2019 daemon.warn dnsmasq[20911]: Insecure DS reply received 
for 168.192.in-addr.arpa, check domain configuration and upstream DNS server 
DNSSEC support
Mon May 13 09:58:57 2019 daemon.warn dnsmasq[20911]: Insecure DS reply received 
for 168.192.in-addr.arpa, check domain configuration and upstream DNS server 
DNSSEC support
Mon May 13 09:58:57 2019 daemon.warn dnsmasq[20911]: Insecure DS reply received 
for 168.192.in-addr.arpa, check domain configuration and upstream DNS server 
DNSSEC support

Is this a genuine configuration error on my/upstream’s part or is it false 
positive log spam?

(I think) The relevant bits from dnsmasq config:

dnssec
dnssec-check-unsigned

Upstream servers are Google’s 8.8.8.8 & friends.

Trust anchors:

trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D


Cheers,

Kevin D-B

gpg: 012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to