Loads of logs "validation failure" for non-DNSSEC signed zones, probably due to RPZ
Fredrik Pettai
pettai at sunet.se
Tue Aug 27 08:46:27 UTC 2024
Hi,
After upgrading to Unbound 1.21.0, I see loads of logs like:
Aug 27 07:50:59 resolver unbound: [1387:f] info: validation failure <domain. A IN>: key for validation domain. is marked as invalid because of a previous
Aug 27 07:50:59 resolver unbound: [1387:a] info: validation failure <domain. A IN>: key for validation domain. is marked as invalid because of a previous
Aug 27 07:50:59 resolver unbound: [1387:2] info: validation failure <domain. A IN>: key for validation domain. is marked as invalid because of a previous
And most of the domains aren’t even DNSSEC signed.
I put some details over here:
https://github.com/NLnetLabs/unbound/issues/1130
Re,
/P
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20240827/ff9de6ab/attachment.bin>
More information about the Unbound-users
mailing list