[nsd-users] info: axfr for domain not-verified
Philip Paeps
philip at trouble.is
Thu Jan 22 04:46:00 UTC 2026
On 2026-01-12 23:01:24 (+0800), Roman Serbski via nsd-users wrote:
> Hidden DNS master (NSD 4.3.9) ---> signer (OpenDNSSEC 2.1.14) --->
> public DNS (NSD 4.13.0) setup (all on FreeBSD 14).
>
> I recently moved the role of hidden DNS master to a new server running
> the latest NSD 4.14.0 and started receiving not-verified errors(?) in
> the logs:
>
> [2026-01-12 15:12:10.050] nsd[1697]: info: axfr for domain.org. from
> 192.168.12.147 not-verified
This is not an error. You get this diagnostic when NSD was compiled with TLS support but the AXFR was not over TLS:
#ifdef HAVE_SSL
VERBOSITY(1, (LOG_INFO, "%s for %s from %s%s%s%s",
(q->qtype==TYPE_AXFR?"axfr":"ixfr"),
dname_to_string(q->qname, NULL), a,
(q->tls||q->tls_auth)?(q->tls?" tls":" tls-auth"):"",
(q->tls||q->tls_auth)?" ":"",
(q->tls||q->tls_auth)?(q->cert_cn?q->cert_cn:"not-verified"):""));
#else
VERBOSITY(1, (LOG_INFO, "%s for %s from %s",
(q->qtype==TYPE_AXFR?"axfr":"ixfr"),
dname_to_string(q->qname, NULL), a));
#endif
> Did I miss something during the migration to the new server? Any hints
> would be appreciated.
Nothing to worry about. :)
I remember being confused by this diagnostic too the first time I saw it.
Philip
More information about the nsd-users
mailing list