[Samba] DC01 log entries
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 6 09:11:54 MST 2015
Hi bob.,
As fas as i know opendns does not support dnssec.
which is default enabled in bind9
try switchin your dns forwarders to googles ( which support dnssec )
and see what happens.
or.. disable dnssec in bind9
Louis
>-----Oorspronkelijk bericht-----
>Van: bob at donelsontrophy.net
>[mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson Trophy
>Verzonden: woensdag 4 februari 2015 15:05
>Aan: SAMBA MailList
>Onderwerp: [Samba] DC01 log entries
>
>
>
>I run "logcheck" on my servers and have noticed that my DC01 log has
>these:
>
>Feb 4 06:58:16 dc01 named[2096]: validating @0xb1c75c18: . NS: got
>insecure response; parent indicates it should be secure
>Feb 4 06:58:16 dc01 named[2096]: error (insecurity proof failed)
>resolving './NS/IN': 208.67.222.222#53
>Feb 4 06:58:16 dc01 named[2096]: validating @0xb1c75c18: . NS: got
>insecure response; parent indicates it should be secure
>Feb 4 06:58:16 dc01 named[2096]: error (insecurity proof failed)
>resolving './NS/IN': 208.67.220.220#53
>Feb 4 07:04:51 dc01 named[2096]: validating @0xb982c740: com SOA: got
>insecure response; parent indicates it should be secure
>Feb 4 07:04:51 dc01 named[2096]: error (no valid RRSIG) resolving
>'microsoft.com/DS/IN': 208.67.222.222#53
>Feb 4 07:04:51 dc01 named[2096]: validating @0xb982c740: com SOA: got
>insecure response; parent indicates it should be secure
>Feb 4 07:04:51 dc01 named[2096]: error (no valid RRSIG) resolving
>'microsoft.com/DS/IN': 208.67.220.220#53
>Feb 4 07:04:51 dc01 named[2096]: validating @0xb1c314a8: net SOA: got
>insecure response; parent indicates it should be secure
>Feb 4 07:04:51 dc01 named[2096]: error (no valid RRSIG) resolving
>'akadns.net/DS/IN': 208.67.222.222#53
>Feb 4 07:04:51 dc01 named[2096]: validating @0xb1c314a8: net SOA: got
>insecure response; parent indicates it should be secure
>Feb 4 07:04:51 dc01 named[2096]: error (no valid RRSIG) resolving
>'akadns.net/DS/IN': 208.67.220.220#53
>Feb 4 07:05:12 dc01 named[2096]: validating @0xb982c740: com SOA: got
>insecure response; parent indicates it should be secure
>Feb 4 07:05:12 dc01 named[2096]: error (no valid RRSIG) resolving
>'woodgrovebank.com/DS/IN': 208.67.220.220#53
>
>Now, I am not certain if this is an issue but it sure looks strange to
>me.
>
>Perhaps there is something set incorrectly in bind? As I little about
>bind, I do not know.
>
>My DC was created using Louis' "generation one" scripts.
>
>Maybe this is nothing?
>
>--
>
>-------------------------
>
>Bob Wooden of Donelson Trophy
>
>615.885.2846 (main)
>www.donelsontrophy.com [1]
>
>"Everyone deserves an award!!"
>
>
>Links:
>------
>[1] http://www.donelsontrophy.com
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list