I am preparing to enable DNSSEC validation, so I am working on alerts for failed validations, so I can see whether they are user errors (that might need negative trust anchors or other exceptions) or actual attacks. But it seems that the "dnssec" category logs all sorts of DNSSEC issues, even if the response validates correctly. Is there something that I can match on to get just the responses that fail? (user gets SERVFAIL instead of an answer) ?
-- Bob Harold
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop