no valid signature found - but where do the queries come from?

lejeczek

Jul 7, 2016, 10:50:39 AM
to bind-...@lists.isc.org
hi users,

I'm getting a lot of the below in the log:

validating @0x7f53140149a0: ccnr-winsrv1.xxx.private.other.dom.my.dom A: bad cache hit (uk.my.dom/DS)
validating @0x7f5314015630: ccnr-winsrv1.xxx.private.other.dom.my.dom AAAA: bad cache hit (uk.my.dom/DS)
error (broken trust chain) resolving 'ccnr-winsrv1.xxx.private.other.dom.my.dom/A/IN': 192.168.2.100#53
error (broken trust chain) resolving 'ccnr-winsrv1.xxx.private.other.dom.my.dom/AAAA/IN': 192.168.2.100#53
validating @0x7f52e4002650: my.dom SOA: no valid signature found
validating @0x7f52e40032e0: my.dom SOA: no valid signature found
validating @0x7f52e4002650: my.dom NSEC: no valid signature found
validating @0x7f52e40032e0: my.dom NSEC: no valid signature found
validating @0x7f52e4002650: swir.my.dom NSEC: no valid signature found
validating @0x7f52e4002650: swir.my.dom NSEC: bad cache hit (swir.my.dom/DS)
validating @0x7f52e40032e0: swir.my.dom NSEC: no valid signature found
validating @0x7f52e40032e0: swir.my.dom NSEC: bad cache hit (swir.my.dom/DS)
validating @0x7f52e40016c0: ccnr-winsrv1.xxx.private.other.dom.my.dom AAAA: bad cache hit (uk.my.dom/DS)
validating @0x7f52e40008c0: ccnr-winsrv1.xxx.private.other.dom.my.dom A: bad cache hit (uk.my.dom/DS)
error (broken trust chain) resolving 'ccnr-winsrv1.xxx.private.other.dom.my.dom/AAAA/IN': 192.168.2.100#53
error (broken trust chain) resolving 'ccnr-winsrv1.xxx.private.other.dom.my.dom/A/IN': 192.168.2.100#53

it's on a server - serverB.xxx.private.other.com(9.9.4) -
which forwards zone my.dom to serverA.my.dom (9.8.2rc1)

serverB is insecure whereas serverA.my.dom uses dnssec.

Firstly I'm hoping some experts could shed a bit of light on
what's happening with the frequency these get logged, every
few seconds. Is it the DNS itself, or are clients actually
nagging the server so constantly - how to trace it? - trace 6
and I cannot see anything.

Secondly, it must be configuration, I think, though I think
it was OK some time ago, now - on serverB I do:

$ host swir.my.dom. 127.0.0.1 -vv
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host swir.my.dom not found: 2(SERVFAIL)

further I do:

$ dig +qr my.dom.

and nothing, then:

$ dig +qr my.dom. @192.168.2.100 (which is serverA)

and I see NS, A; also that line from the log:

validating @0x7f52e40016c0: ccnr-winsrv1.xxx.private.other.dom.my.dom AAAA: bad cache hit (uk.my.dom/DS)

here is my.dom(serverA) appended to
private.other.dom(serverB) - what does it mean?

how, where to start troubleshooting?

many! thanks
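
An added example, not part of the original post: a small Python script that groups the validator and resolver messages quoted above by query name, record type, reason and (for "bad cache hit") the DS lookup named in parentheses, so the names that fail repeatedly stand out. The sample lines are copied from the post with the e-mail wrapping undone; the function name `summarize` and both regular expressions are this example's own.

```python
import re
from collections import Counter

# Sample lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE = """\
validating @0x7f53140149a0: ccnr-winsrv1.xxx.private.other.dom.my.dom A: bad cache hit (uk.my.dom/DS)
validating @0x7f5314015630: ccnr-winsrv1.xxx.private.other.dom.my.dom AAAA: bad cache hit (uk.my.dom/DS)
error (broken trust chain) resolving 'ccnr-winsrv1.xxx.private.other.dom.my.dom/A/IN': 192.168.2.100#53
validating @0x7f52e4002650: my.dom SOA: no valid signature found
validating @0x7f52e4002650: my.dom NSEC: no valid signature found
validating @0x7f52e4002650: swir.my.dom NSEC: no valid signature found
validating @0x7f52e4002650: swir.my.dom NSEC: bad cache hit (swir.my.dom/DS)
"""

# "validating @0x...: <name> <type>: <reason> [(<dependency>/<type>)]"
VALIDATING = re.compile(
    r"validating @0x[0-9a-f]+: (?P<name>\S+) (?P<rtype>[A-Z0-9]+): "
    r"(?P<reason>no valid signature found|bad cache hit)"
    r"(?: \((?P<dep>\S+)/(?P<deptype>[A-Z0-9]+)\))?")
# "error (<reason>) resolving '<name>/<type>/IN': <server>#<port>"
RESOLVING = re.compile(
    r"error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<name>[^/']+)/(?P<rtype>[A-Z0-9]+)/IN': "
    r"(?P<server>[0-9a-fA-F.:]+)#(?P<port>\d+)")

def summarize(text):
    """Count validator failures per (name, type, reason, dependency) and
    resolution errors per (name, type, reason, server that was asked)."""
    validator, resolver = Counter(), Counter()
    for line in text.splitlines():
        # search() rather than match() so timestamp/category prefixes are tolerated
        m = VALIDATING.search(line)
        if m:
            dep = f"{m['dep']}/{m['deptype']}" if m["dep"] else None
            validator[(m["name"], m["rtype"], m["reason"], dep)] += 1
            continue
        m = RESOLVING.search(line)
        if m:
            resolver[(m["name"], m["rtype"], m["reason"], m["server"])] += 1
    return validator, resolver

if __name__ == "__main__":
    validator, resolver = summarize(SAMPLE)
    for key, count in validator.most_common():
        print(count, "validator", key)
    for key, count in resolver.most_common():
        print(count, "resolver", key)
```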
