Tony Finch dot at
Fri Mar 1 13:57:16 UTC 2013

Robert Moskowitz <rgm at> wrote:

> I got tipped off about this from logwatch report. On my public DNS server had
> the following:
> Feb 26 04:02:04 onlo named[19336]:   validating @0xb2929ee0: SOA:
> got insecure response; parent indicates it should be secure

Looks like something in your setup is dropping RRSIGs, and this is
probably responsible for both your private htt. TLD validation problems
and these validation problems. Do you all your servers have
"dnssec-enable yes"? Do you have any non-BIND servers or middleboxes?

f.anthony.n.finch  <dot at>
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

More information about the bind-users mailing list