named validating @0x...: ... SOA: no valid signature found

Brian J. Murrell brian at interlinx.bc.ca
Wed May 2 12:46:45 UTC 2012 

Not having dipped my toe into DNSSEC yet (yes, I know, but time is
always so scarce)...

So I am seeing a bunch of this sort of thing in my BIND logs now:

04:02:18 named validating @0xb0f58988: 124.in-addr.arpa SOA: no valid signature found
04:02:18 named validating @0xb0f58988: 124.in-addr.arpa NSEC: no valid signature found
04:02:18 named validating @0xb0f58988: 227.124.in-addr.arpa NSEC: no valid signature found
04:03:30 named validating @0xb0f58988: net SOA: no valid signature found
04:03:30 named validating @0xb0f58988: a1rt98bs5qgc9nfi51s9hci47uljg6jh.net NSEC3: no valid signature found
04:03:30 named validating @0xb0f58988: 5VI63OJ105LD6R767I45IDJR5Q55T1R1.net NSEC3: no valid signature found
04:03:30 named validating @0xb0f58988: EEE0K4ONQCCHCJQTQ5VJD52NKJTEHAJN.net NSEC3: no valid signature found
04:03:30 named validating @0xb0f4d8c0: uk SOA: no valid signature found
04:03:30 named validating @0xb21ea7c0: u1fmklfv3rdcnamdc64sekgcdp05bbiu.uk NSEC3: no valid signature found
04:03:30 named validating @0xb0f67990: pl SOA: no valid signature found
04:03:30 named validating @0xb18914a0: RVLFSE0643QVHS3RI8VPKGANFBCJVJ06.pl NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: GSV9U2BOSCL9B9TQAL1UAV4BNVI9EVUE.pl NSEC3: no valid signature found
04:03:31 named validating @0xb21cc520: org SOA: no valid signature found
04:03:31 named validating @0xb18f2c08: org SOA: no valid signature found
04:03:31 named validating @0xb21ea7c0: fk47636n6psb8mv7rdu6tpdhas69cbjp.org NSEC3: no valid signature found
04:03:31 named validating @0xb0fe6528: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f61960: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:03:31 named validating @0xb21cc520: 4rkhv4s4situ82j70sp5tq5utm12o2t8.org NSEC3: no valid signature found
04:03:31 named validating @0xb18f2c08: ic8a82pge1m0qdob5sce1e3613hqr7br.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found
04:03:31 named validating @0xb0f949d0: org SOA: no valid signature found
04:03:31 named validating @0xb18914a0: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found
04:03:31 named validating @0xb21e1518: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found
04:09:43 named validating @0xb0f58988: 117.in-addr.arpa SOA: no valid signature found
04:09:43 named validating @0xb0f58988: 117.in-addr.arpa NSEC: no valid signature found
04:09:43 named validating @0xb0f58988: 240.117.in-addr.arpa NSEC: no valid signature found
04:13:52 named validating @0xb0f58988: 27.in-addr.arpa SOA: no valid signature found
04:13:52 named validating @0xb0f58988: 22.115.27.in-addr.arpa NSEC: no valid signature found
04:13:52 named validating @0xb0f58988: 99.114.27.in-addr.arpa NSEC: no valid signature found
04:15:16 named validating @0xb0f58988: 117.in-addr.arpa SOA: no valid signature found
04:15:16 named validating @0xb0f58988: 117.in-addr.arpa NSEC: no valid signature found
04:15:16 named validating @0xb0f58988: 99.20.117.in-addr.arpa NSEC: no valid signature found
04:15:48 named validating @0xb0f58988: org SOA: no valid signature found
04:15:48 named validating @0xb0f58988: h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org NSEC3: no valid signature found
04:15:48 named validating @0xb0f58988: osfek8jf3dv7trcfcuheumjh9bpmjkeq.org NSEC3: no valid signature found
04:15:48 named validating @0xb0f58988: vai6s58iqmjmin7ju8mq61aju3q4ms5h.org NSEC3: no valid signature found

And am wondering what they are really telling me.  Are they all
different flavours of "zone is not signed" or are they more like
"zone is supposed to be signed but there are problems with it"?

Cheers,
b.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120502/000f6f0f/attachment.bin>

More information about the bind-users mailing list