Ubuntu DNS server working, but getting errors in syslog

Solution 1:

These error messages are related to DNSSEC. Remove or comment out all the lines in /etc/bind/named.conf.options that start with dnssec and restart bind9.

The best explanation for what's going on that I could find is here:

When the validator receives a response from an unsigned zone that has a signed parent, it must confirm with the parent that the zone was intentionally left unsigned. It does this by verifying, via signed and validated NSEC/NSEC3 records, that the parent zone contains no DS records for the child.

If the validator can prove that the zone is insecure, then the response is accepted. However, if it cannot, then it must assume an insecure response to be a forgery; it rejects the response and logs an error.

The logged error reads "insecurity proof failed" and "got insecure response; parent indicates it should be secure". (Prior to BIND 9.7, the logged error was "not insecure". This referred to the zone, not the response.)
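To see which names and upstream servers are producing the errors quoted above, the syslog lines can be grouped by query name. This is an added example, not part of the original answer; the two line layouts in the patterns and the sample lines are constructed assumptions, so adjust them to what your syslog actually contains.

```python
import re
from collections import defaultdict

# Phrases quoted in the answer above; "not insecure" is the pre-9.7 wording.
PHRASES = ("insecurity proof failed",
           "got insecure response; parent indicates it should be secure",
           "not insecure")

# Assumed line layouts (constructed, adjust to your own logs):
#   ... (<phrase>) resolving 'name/TYPE/IN': server#port
#   ... validating [@0x...: ]name TYPE: <phrase>
RESOLVING = re.compile(r"resolving '([^/']+)/(\w+)/IN': (\S+)#\d+")
VALIDATING = re.compile(r"validating (?:@0x[0-9a-fA-F]+: )?(\S+)[ /](\w+): ")

# Constructed sample input, not taken from a real server.
SAMPLE = [
    "Jan 10 12:00:01 ns1 named[1021]: validating @0xb4a2f8c0: example.com A: "
    "got insecure response; parent indicates it should be secure",
    "Jan 10 12:00:01 ns1 named[1021]: error (insecurity proof failed) "
    "resolving 'example.com/A/IN': 192.0.2.53#53",
    "Jan 10 12:00:09 ns1 named[1021]: not insecure resolving "
    "'Example.ORG/MX/IN': 192.0.2.54#53",
    "Jan 10 12:00:10 ns1 named[1021]: client 10.0.0.5#4711: query: example.com IN A",
]

def summarize(lines):
    """Group insecurity-proof errors by query name (lower-cased)."""
    report = defaultdict(lambda: {"count": 0, "types": set(), "servers": set()})
    for line in lines:
        if not any(p in line for p in PHRASES):
            continue  # unrelated log line
        m = RESOLVING.search(line)
        if m:
            name, rtype, server = m.groups()
        else:
            m = VALIDATING.search(line)
            if not m:
                continue  # phrase present but layout not recognised
            name, rtype, server = m.group(1), m.group(2), None
        entry = report[name.rstrip(".").lower()]
        entry["count"] += 1
        entry["types"].add(rtype)
        if server:
            entry["servers"].add(server)
    return dict(report)

if __name__ == "__main__":
    for name, info in sorted(summarize(SAMPLE).items()):
        print(name, info["count"], sorted(info["types"]), sorted(info["servers"]))
```

If every failing name points at the same upstream address, that server is the first place to look.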