9.6.1-P1 log message

Jeremy C. Reed jreed at isc.org
Tue Aug 25 15:58:54 UTC 2009


On Tue, 25 Aug 2009, David Forrest wrote:

> What do I have to do to correct whatever is causing this log message from
> named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
> 
> validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
> secure failure

May need more context for this (like higher debug level for DNSSEC
category). (I have patches for improving the DNSSEC logging which are
planned for an upcoming BIND release.)

This may be:

"must be secure failure, no DS and this is a delegation"

"must be secure failure, key is insecure, so mark the data as insecure 
also."

"must be secure failure, no supported algorithm/digest (dlv)"

"must be secure failure (DS)"

"must be secure failure, no supported algorithm/digest (DS)"

"must be secure failure, DLV lookup from a DLV subdomain"

"must be secure failure, DLV lookup from a DLV subdomain?"

"must be secure failure, not beneath secure root"

"must be secure failure at '%s', can't fall back to DLV"

"must be secure failure, no DS at zone cut (zone)"

"must be secure failure, is a delegation but no DS at zone cut (cache)"

"must be secure failure, no supported algorithm/digest (%s/DS)"

Sorry this probably doesn't help much.
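
Added example, not part of the original post and not ISC code: a small Python triage script that pulls the name, record type and reason detail out of "must be secure failure" validator lines, so that bare messages (no detail, as in the question) stand out from the more specific variants listed above. The line layout is taken from the quoted log line; treating a name under dlv.isc.org as the lookaside lookup for the name with that suffix removed is an assumption, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout taken from the line quoted in the post:
#   validating @0x<ptr>: <name> <TYPE>: <message>
# Anything before "validating" (timestamps, category) is ignored.
LINE_RE = re.compile(
    r"validating @0x[0-9a-fA-F]+: (?P<name>\S+) (?P<rtype>[A-Z0-9]+): (?P<msg>.*)$"
)
MARKER = "must be secure failure"
DLV_SUFFIX = ".dlv.isc.org"  # lookaside zone seen in the quoted name (assumption)


def parse(line):
    """Return a dict for a 'must be secure failure' line, else None."""
    m = LINE_RE.search(line.strip())
    if not m or not m.group("msg").startswith(MARKER):
        return None
    # Whatever follows the marker is the reason detail, if any was logged.
    detail = m.group("msg")[len(MARKER):].lstrip(" ,") or None
    name = m.group("name").rstrip(".")
    via_dlv = name.endswith(DLV_SUFFIX)
    return {
        "name": name[: -len(DLV_SUFFIX)] if via_dlv else name,
        "rtype": m.group("rtype"),
        "via_dlv": via_dlv,
        "detail": detail,  # None: bare message, more debug output is needed
    }


def summarize(lines):
    """Count failures per (name, rtype, detail), skipping unrelated lines."""
    hits = filter(None, map(parse, lines))
    return Counter((h["name"], h["rtype"], h["detail"]) for h in hits)


# Constructed sample input; only the first line comes from the post.
SAMPLE = [
    "validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be secure failure",
    "validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be secure failure",
    "25-Aug-2009 15:58:54.000 validating @0x1a2b3c: example.test A: must be secure failure, not beneath secure root",
    "25-Aug-2009 15:58:55.000 validating @0x1a2b3c: example.test A: unrelated message (constructed)",
]

if __name__ == "__main__":
    for (name, rtype, detail), n in summarize(SAMPLE).items():
        print(n, name, rtype, detail or "(no detail logged)")
```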


