Re: Stop of logging of No Valid Signature Found

On Feb 25, 2013, at 8:25 PM, Robert Moskowitz wrote: > So should I change this to an include and put dnssec-validation back to yes? No. "dnssec-validation auto;" is correct for 90% of cases. An Internet validating resolver should almost certainly use this. Mark is simply being precise and comple

Re: Stop of logging of No Valid Signature Found

On 02/25/2013 09:36 PM, Mark Andrews wrote: In message <512c18eb.2050...@htt-consult.com>, Robert Moskowitz writes: On 02/25/2013 08:38 PM, Mark Andrews wrote: In message <512c1009.4060...@htt-consult.com>, Robert Moskowitz writes: dnssec-enable yes; dnssec-validation yes; digg

Re: Stop of logging of No Valid Signature Found

In message <512c18eb.2050...@htt-consult.com>, Robert Moskowitz writes: > > On 02/25/2013 08:38 PM, Mark Andrews wrote: > > In message <512c1009.4060...@htt-consult.com>, Robert Moskowitz writes: > >> dnssec-enable yes; > >> dnssec-validation yes; > digging back in the ar

Re: Stop of logging of No Valid Signature Found

On 02/25/2013 08:38 PM, Mark Andrews wrote: In message <512c1009.4060...@htt-consult.com>, Robert Moskowitz writes: dnssec-enable yes; dnssec-validation yes; digging back in the archive here, I find out this should be dnssec-validation auto; Actually it can be either. It'

Re: Stop of logging of No Valid Signature Found

In message <512c1009.4060...@htt-consult.com>, Robert Moskowitz writes: > dnssec-enable yes; > dnssec-validation yes; > >> digging back in the archive here, I find out this should be > >> > >> dnssec-validation auto; > > Actually it can be either. It's all a matter of ho

Re: Stop of logging of No Valid Signature Found

On 02/25/2013 08:15 PM, Mark Andrews wrote: In message <512c09f5.4040...@htt-consult.com>, Robert Moskowitz writes: On 02/25/2013 03:25 PM, Robert Moskowitz wrote: On 02/25/2013 02:33 PM, Robert Moskowitz wrote: On 02/25/2013 02:00 PM, Casey Deccio wrote: On Mon, Feb 25, 2013 at 5:09 AM, Rob

Re: Stop of logging of No Valid Signature Found

In message <512c09f5.4040...@htt-consult.com>, Robert Moskowitz writes: > On 02/25/2013 03:25 PM, Robert Moskowitz wrote: > > > > On 02/25/2013 02:33 PM, Robert Moskowitz wrote: > >> > >> On 02/25/2013 02:00 PM, Casey Deccio wrote: > >>> On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz > >>> mai

Re: Stop of logging of No Valid Signature Found

On 02/25/2013 03:25 PM, Robert Moskowitz wrote: On 02/25/2013 02:33 PM, Robert Moskowitz wrote: On 02/25/2013 02:00 PM, Casey Deccio wrote: On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz mailto:r...@htt-consult.com>> wrote: Yes, I know lots of places don't have DNSSEC signed zones.

Re: Stop of logging of No Valid Signature Found

On 02/25/2013 02:33 PM, Robert Moskowitz wrote: On 02/25/2013 02:00 PM, Casey Deccio wrote: On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz mailto:r...@htt-consult.com>> wrote: Yes, I know lots of places don't have DNSSEC signed zones. **I** have not done mine yet, but I turned on

Re: Stop of logging of No Valid Signature Found

On 02/25/2013 02:00 PM, Casey Deccio wrote: On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz > wrote: Yes, I know lots of places don't have DNSSEC signed zones. **I** have not done mine yet, but I turned on DNSSEC checking on my server and I am getting

Re: Stop of logging of No Valid Signature Found

On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz wrote: > Yes, I know lots of places don't have DNSSEC signed zones. **I** have not > done mine yet, but I turned on DNSSEC checking on my server and I am > getting all too many messages like: > > validating @0xb4247b50: 117.in-addr.arpa NSEC

Stop of logging of No Valid Signature Found

Yes, I know lots of places don't have DNSSEC signed zones. **I** have not done mine yet, but I turned on DNSSEC checking on my server and I am getting all too many messages like: validating @0xb4247b50: 117.in-addr.arpa NSEC: no valid signature found: 1 Time(s) validating @0xb4247