Re: lame-servers: info: no valid RRSIG resolving
On Thu, Jan 26, 2023 at 3:26 AM duluxoz wrote: > > Hi All, > > Sorry for asking what is almost certainly a "noob" question, but I'm > seeing a lot of "lame-servers: info: no valid RRSIG resolving > './NS/IN':" messages in our auth_servers.log for the DNS Root Servers' > IPv4 addresses. Is this normal, or do we have an issue that we need to > resolve. > > Thanks for the feedback > > Cheers > > Dulux-Oz > -- It doesn't sound normal. What version of BIND are you running? -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "lame-servers: info: no valid RRSIG resolving ..."
thanks- we're running 9.14.8, courtesy of the isc ubuntu ppa [https://launchpad.net/~isc]: >named -v BIND 9.14.8-Ubuntu (Stable Release) >dpkg -s bind9 Package: bind9 Status: install ok installed Priority: optional Section: net Installed-Size: 872 Maintainer: Debian DNS Team Architecture: amd64 Version: 1:9.14.8-1+ubuntu19.10.1+isc+1 Replaces: bind (<< 1:9.13.6~) [...] Homepage: https://www.isc.org/downloads/bind/ does that mean in theory the version we're running would be new enough we shouldn't be seeing that particular symptom? thanks > On Apr 17, 2020, at 19.01, Mark Andrews wrote: > > They are almost certainly the result of running an older version of named and > packet loss > causing named to fallback to plain DNS which doesn’t return DNSSEC records. > Newer versions > of named don’t fallback to plain DNS on packet loss. > > 5029. [func] Workarounds for servers that misbehave when queried >with EDNS have been removed, because these broken >servers and the workarounds for their noncompliance >cause unnecessary delays, increase code complexity, >and prevent deployment of new DNS features. See >https://dnsflagday.net for further details. [GL #150] > > BIND 9.14.0 is the first non development version with this behaviour. > > Mark > >> On 18 Apr 2020, at 01:24, btb via bind-users >> wrote: >> >> hi- >> >> i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid >> RRSIG resolving ..." messages in the logs [on average ~500 messages per >> day]. a small snippet: >> >> 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving >> 'jwplayer.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving >> 'tranet.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving >> 'inboxsdk.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving >> 'basis.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving >> 'starfinancial.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving >> 'vice.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving >> 'lithium.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving >> 'sc-static.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving >> 'snapchat.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving >> 'yimg.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving >> 'transamerica.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving >> 'quantummetric.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving >> 'tealiumiq.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving >> 'bounceexchange.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving >> 'mwefinancial.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving >> 'redditmedia.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving >> 'imtwjwoasak.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving >> 'b.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving >> 'jquery.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving >> 'forter.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving >> 'quovadisoffshore.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving >> 'quovadisglobal.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving >> 'mixpanel.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving >> 'spotify.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving >> 'freeform.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving >> 'edgedatg.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving >> 'footprintdns.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving >> 'qualifiedaddress.com/DS/IN': 192.5.6.30#53 >> 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving >> 'dc-msedge.net/DS/IN': 192.5.6.30#53 >> 15-Apr-2020
Re: "lame-servers: info: no valid RRSIG resolving ..."
They are almost certainly the result of running an older version of named and packet loss causing named to fallback to plain DNS which doesn’t return DNSSEC records. Newer versions of named don’t fallback to plain DNS on packet loss. 5029. [func] Workarounds for servers that misbehave when queried with EDNS have been removed, because these broken servers and the workarounds for their noncompliance cause unnecessary delays, increase code complexity, and prevent deployment of new DNS features. See https://dnsflagday.net for further details. [GL #150] BIND 9.14.0 is the first non development version with this behaviour. Mark > On 18 Apr 2020, at 01:24, btb via bind-users wrote: > > hi- > > i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid > RRSIG resolving ..." messages in the logs [on average ~500 messages per day]. > a small snippet: > > 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving > 'jwplayer.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving > 'tranet.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving > 'inboxsdk.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving > 'basis.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving > 'starfinancial.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving > 'vice.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving > 'lithium.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving > 'sc-static.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving > 'snapchat.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving > 'yimg.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving > 'transamerica.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving > 'quantummetric.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving > 'tealiumiq.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving > 'bounceexchange.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving > 'mwefinancial.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving > 'redditmedia.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving > 'imtwjwoasak.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving > 'b.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving > 'jquery.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving > 'forter.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving > 'quovadisoffshore.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving > 'quovadisglobal.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving > 'mixpanel.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving > 'spotify.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving > 'freeform.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving > 'edgedatg.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving > 'footprintdns.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving > 'qualifiedaddress.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving > 'dc-msedge.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving > 'facebook.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving > 'pphosted.com/DS/IN': 192.5.6.30#53 > > a number of these [most?] are zones that are signed, and some don't even > exist, so i'm curious about seeing these messages. what am i not > understanding, and/or what can i do to troubleshoot further? > > thanks! > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1
Re: "lame-servers: info: no valid RRSIG resolving ..."
I see lots of lines like this. They all come from people trying to break into my SSH. -- Best regards Sten Carlsen For every problem, there is a solution that is simple, elegant, and wrong. HL Mencken > On 17 Apr 2020, at 17.24, btb via bind-users wrote: > > hi- > > i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid > RRSIG resolving ..." messages in the logs [on average ~500 messages per day]. > a small snippet: > > 15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving > 'jwplayer.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving > 'tranet.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving > 'inboxsdk.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving > 'basis.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving > 'starfinancial.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving > 'vice.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving > 'lithium.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving > 'sc-static.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving > 'snapchat.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving > 'yimg.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving > 'transamerica.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving > 'quantummetric.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving > 'tealiumiq.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving > 'bounceexchange.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving > 'mwefinancial.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving > 'redditmedia.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving > 'imtwjwoasak.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving > 'b.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving > 'jquery.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving > 'forter.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving > 'quovadisoffshore.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving > 'quovadisglobal.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving > 'mixpanel.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving > 'spotify.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving > 'freeform.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving > 'edgedatg.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving > 'footprintdns.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving > 'qualifiedaddress.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving > 'dc-msedge.net/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving > 'facebook.com/DS/IN': 192.5.6.30#53 > 15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving > 'pphosted.com/DS/IN': 192.5.6.30#53 > > a number of these [most?] are zones that are signed, and some don't even > exist, so i'm curious about seeing these messages. what am i not > understanding, and/or what can i do to troubleshoot further? > > thanks! > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
