failed trust-anchor-telemetry queries
Klaus Darilion
klaus.darilion at nic.at
Tue Jul 27 07:50:41 UTC 2021
Hello!
Bind version: 9.16.19-1+ubuntu18.04.1+isc+1
Recently I discovered these logs:
09:13:12 named[3234]: _default: sending trust-anchor-telemetry query '_ta-0000/NULL'
09:13:12 named[3234]: validating ./NSEC: no valid signature found
09:13:12 named[3234]: validating ./SOA: no valid signature found
09:13:12 named[3234]: validating ./NSEC: no valid signature found
09:13:12 named[3234]: validating ./SOA: no valid signature found
09:13:12 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:503:ba3e::2:30#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:dc3::35#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:7fe::53#53
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:500:1::53#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
09:13:13 named[3234]: validating ./NSEC: no valid signature found
09:13:13 named[3234]: no valid RRSIG resolving '_ta-0000/DS/IN': 2001:500:9f::42#53
09:13:13 named[3234]: validating ./SOA: no valid signature found
...
The config of the name server is authoritative-only, hence:
allow-recursion {
none;
};
May it be, that due to disabled recursion, these trust-anchor queries are failing? Or what might be other reasons?
Thanks
Klaus
More information about the bind-users
mailing list