error (insecurity proof failed) resolving './DS/IN'

Brian J. Murrell brian at interlinx.bc.ca
Mon Mar 23 12:19:27 UTC 2015


Trying to follow an example I found of manually verifying a name's
DNSSEC records, I did the following:

# dig . DNSKEY | grep -Ev '^($|;)' > root.keys
# dig +sigchase +trusted-key=./root.keys www.eurid.eu. A

That resulted in some errors but more importantly the following in my
syslog:

Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.33.4.12#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.203.230.10#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.58.128.30#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.112.36.4#53
Mar 23 08:11:15 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.228.79.201#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 193.0.14.129#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.5.5.241#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:503:ba3e::2:30#53
Mar 23 08:11:16 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 128.63.2.53#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 192.36.148.17#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:3::42#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:dc3::35#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:503:c27::2:30#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:7fd::1#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:2f::f#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 198.41.0.4#53
Mar 23 08:11:17 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:1::803f:235#53
Mar 23 08:11:18 linux named[19256]: error (insecurity proof failed) resolving './DS/IN': 2001:500:84::b#53

I'm really not sure why though.

I'm using

BIND 9.8.1-P1

built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'

Any ideas on what this is or what more information I can provide to help
chase it down?

Cheers,
b.
