Re: Finding dnssec validation failures in the logs

2023-01-24 Thread Mark Andrews
I would be looking for packet loss and / or a bad firewall that is dropping fragmented packets which is triggering fallback to non EDNS requests. If you are forwarding, ensure that the entire forwarding chain is validating.
-- Mark Andrews
> On 25 Jan 2023, at 04:53, John Thurston wrote:
>

Re: Finding dnssec validation failures in the logs

2023-01-24 Thread John Thurston
It sounds like I'm correct that lines of the sort:
validating com/SOA: got insecure response; parent indicates it should be secure
are my indication that dnssec is doing its job. (Whether I should be reacting to messages like the above remains to be seen.) Let me rephrase my original

Re: Finding dnssec validation failures in the logs

2023-01-24 Thread Michael Richardson
John Thurston wrote:
> On a resolver running ISC BIND 9.16.36 with "dnssec-validation auto;" I am
> writing "category dnssec" to a log file at "severity info;" When I look in
> the resulting log file, I'm guessing that lines like this:
> validating com/SOA: got insecure

Re: Finding dnssec validation failures in the logs

2023-01-24 Thread Darren Ankney
I looked in logs of my resolver in my home network and see a similar message from January 6th:
06-Jan-2023 17:09:23.677 dnssec: info: validating in-addr.arpa/SOA: got insecure response; parent indicates it should be secure
I interpret that to mean that someone’s DNS is misconfigured. I

Finding dnssec validation failures in the logs

2023-01-23 Thread John Thurston
On a resolver running ISC BIND 9.16.36 with "dnssec-validation auto;" I am writing "category dnssec" to a log file at "severity info;" When I look in the resulting log file, I'm guessing that lines like this:
validating com/SOA: got insecure response; parent indicates it should be secure