我在局域网上运行了一个仅向前的BIND9服务器,它每天记录数百个错误,如:
Aug 29 18:38:29 nuc named[850]: error (no valid RRSIG) resolving 'ubuntu.com/DS/IN': 75.75.75.75#53 Aug 29 18:38:31 nuc named[850]: validating @0x7fc6d826ed50: com SOA: got insecure response; parent indicates it should be secure Aug 29 18:38:31 nuc named[850]: error (no valid RRSIG) resolving 'medium.com/DS/IN': 75.75.75.75#53 Aug 29 18:38:31 nuc named[850]: validating @0x7fc6d4014b80: com SOA: got insecure response; parent indicates it should be secure
似乎客户端仍在获得结果,但这些消息正在填满日志. named.conf中的相关行:
forwarders {
# Comcast
2001:558:Feed::1;
2001:558:Feed::2;
75.75.75.75;
75.75.76.76;
};
forward only;
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
