Insecurity proof failed

2024-03-12 Thread Borja Marcos
Hi, This is driving me nuts. I have three BIND 9.18.24 running on FreeBSD. Two of them on FreeBSD 14, one on FreeBSD 13.2. Just one of the servers is failing to resolve a single domain compared to the other two: checkpoint.com . I get these errors: <142>1 2024-03-12T11

Re: Insecurity proof failed

2024-03-12 Thread Mark Andrews
Have you disabled EDNS to these servers in named.conf? DNSSEC responses are only returned if DO=1 is set in the request. Named can learn that a server doesn’t support EDNS if it doesn’t return EDNS responses consistently to EDNS requests. If that happens named will send plain DNS requests. M

Re: Insecurity proof failed

2024-03-12 Thread Borja Marcos
> On 12 Mar 2024, at 13:36, Mark Andrews wrote:
>
> Have you disabled EDNS to these servers in named.conf? DNSSEC responses are only returned
> if DO=1 is set in the request. Named can learn that a server doesn’t support EDNS if it doesn’t
> return EDNS responses consistently to EDNS re