


  1. #1

    Log Bind: must-be-secure / no valid RRSIG resolving / not insecure resolving / other

    In the past, I only received the following one type of log. Example:

    success resolving 'bn.uol.com.br/A' (in 'com.br'?) after reducing the advertised EDNS UDP packet size to 512 octets: 1 Time(s)
    success resolving 'bourse.immobilier.fr/MX' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets: 1 Time
    However, for some time now, I have started receiving 3 other types of log. Example:
    not insecure resolving 'windowsupdate.com.dlv.isc.org/DLV/IN': 208.67.222.222#53: 1 Time(s)
    no valid RRSIG resolving '244.84.208.in-addr.arpa/DS/IN': 200.175.182.139#53: 1 Time(s
    must-be-secure resolving 'www.orkut.com.dlv.isc.org/DS/IN': 208.67.220.220#53: 2 Time(s)



    My firewall is restrictive: the FORWARD and INPUT tables are blocked and opened only for registered hosts.

    Here is my named.conf:
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    options {
    listen-on port 53 { 192.168.60.0/24; 192.168.70.0/24; 127.0.0.1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 192.168.60.0/24; 192.168.70.0/24; localhost; };
    recursion yes;
    tcp-clients 1000;
    version "Not Available";
    recursive-clients 1000;
    forwarders { 200.175.5.139; 189.38.95.95; 200.176.2.12; 208.67.222.222; 200.225.157.104; 201.10.128.2; 200.176.2.10; 189.38.95.96; 208.67.220.220; 200.225.157.105; 200.175.182.139; 201.10.120.3; 200.192.112.8; };
    };
    logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };
    };
    zone "." IN {
    type hint;
    file "named.ca";
    };
    include "/etc/named.rfc1912.zones";

    What could this be? Would anyone here be able to tell me?
    This is happening on my test server at home.

  2. #2

    Anyone?

  3. #3

    Problem solved.
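
Added example, not part of the original posts: a Python parser for the summary lines quoted in post #1 that totals them by message type and checks whether each server named in a message is one of the forwarders in the posted named.conf. The function names are hypothetical and the line format is assumed from the four quoted lines only.

```python
import re
from collections import Counter, defaultdict

# Summary lines copied from post #1 (the third one is truncated there too).
SAMPLE = """\
success resolving 'bn.uol.com.br/A' (in 'com.br'?) after reducing the advertised EDNS UDP packet size to 512 octets: 1 Time(s)
not insecure resolving 'windowsupdate.com.dlv.isc.org/DLV/IN': 208.67.222.222#53: 1 Time(s)
no valid RRSIG resolving '244.84.208.in-addr.arpa/DS/IN': 200.175.182.139#53: 1 Time(s
must-be-secure resolving 'www.orkut.com.dlv.isc.org/DS/IN': 208.67.220.220#53: 2 Time(s)
"""
# The forwarders statement from the posted named.conf.
FORWARDERS = "forwarders { 200.175.5.139; 189.38.95.95; 200.176.2.12; 208.67.222.222; 200.225.157.104; 201.10.128.2; 200.176.2.10; 189.38.95.96; 208.67.220.220; 200.225.157.105; 200.175.182.139; 201.10.120.3; 200.192.112.8; };"

# Assumed layout: <kind> resolving '<name>/<type>[/<class>]'<tail>: <n> Time(s)
LINE_RE = re.compile(
    r"^(?P<kind>.+?) resolving '(?P<name>[^/']+)/(?P<rest>[^']+)'"
    r"(?P<tail>.*?):\s*(?P<count>\d+) Time")
SERVER_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})#\d+")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_line(line):
    """Split one summary line into message kind, name, type, server, count."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    srv = SERVER_RE.search(m.group("tail"))
    return {"kind": m.group("kind"), "name": m.group("name"),
            "rtype": m.group("rest").split("/")[0],
            "server": srv.group(1) if srv else None,
            "count": int(m.group("count"))}

def summarize(text):
    """Total occurrences per message kind, and per (server, kind)."""
    by_kind, by_server = Counter(), defaultdict(Counter)
    for rec in filter(None, map(parse_line, text.splitlines())):
        by_kind[rec["kind"]] += rec["count"]
        if rec["server"]:
            by_server[rec["server"]][rec["kind"]] += rec["count"]
    return by_kind, by_server

def servers_not_forwarders(by_server, forwarders_stmt):
    """Servers named in the messages that are absent from the forwarders list."""
    configured = set(IPV4_RE.findall(forwarders_stmt))
    return sorted(s for s in by_server if s not in configured)

if __name__ == "__main__":
    kinds, servers = summarize(SAMPLE)
    for server, counts in sorted(servers.items()):
        print(server, dict(counts))
    print("not in forwarders:", servers_not_forwarders(servers, FORWARDERS))
```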