Discussion:
"lame-servers: info: no valid RRSIG resolving ..."
btb
2020-04-17 15:24:04 UTC
hi-

i'm seeing what i'm wondering if is a lot of "lame-servers: info: no valid RRSIG resolving ..." messages in the logs [on average ~500 messages per day]. a small snippet:

15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving 'jwplayer.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving 'tranet.net/DS/IN': 192.5.6.30#53
15-Apr-2020 18:11:47.559 lame-servers: info: no valid RRSIG resolving 'inboxsdk.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:11:49.146 lame-servers: info: no valid RRSIG resolving 'basis.net/DS/IN': 192.5.6.30#53
15-Apr-2020 18:11:58.474 lame-servers: info: no valid RRSIG resolving 'starfinancial.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:11:59.665 lame-servers: info: no valid RRSIG resolving 'vice.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:09.501 lame-servers: info: no valid RRSIG resolving 'lithium.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:09.756 lame-servers: info: no valid RRSIG resolving 'sc-static.net/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:10.004 lame-servers: info: no valid RRSIG resolving 'snapchat.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:12.638 lame-servers: info: no valid RRSIG resolving 'yimg.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:16.823 lame-servers: info: no valid RRSIG resolving 'transamerica.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:16.932 lame-servers: info: no valid RRSIG resolving 'quantummetric.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:17.129 lame-servers: info: no valid RRSIG resolving 'tealiumiq.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:17.171 lame-servers: info: no valid RRSIG resolving 'bounceexchange.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:22.971 lame-servers: info: no valid RRSIG resolving 'mwefinancial.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:23.248 lame-servers: info: no valid RRSIG resolving 'redditmedia.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:23.869 lame-servers: info: no valid RRSIG resolving 'imtwjwoasak.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving 'b.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:25.313 lame-servers: info: no valid RRSIG resolving 'jquery.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:26.555 lame-servers: info: no valid RRSIG resolving 'forter.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:29.008 lame-servers: info: no valid RRSIG resolving 'quovadisoffshore.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:29.029 lame-servers: info: no valid RRSIG resolving 'quovadisglobal.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:29.974 lame-servers: info: no valid RRSIG resolving 'mixpanel.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:35.786 lame-servers: info: no valid RRSIG resolving 'spotify.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:36.982 lame-servers: info: no valid RRSIG resolving 'freeform.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:38.295 lame-servers: info: no valid RRSIG resolving 'edgedatg.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:58.190 lame-servers: info: no valid RRSIG resolving 'footprintdns.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:13:01.282 lame-servers: info: no valid RRSIG resolving 'qualifiedaddress.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:13:01.744 lame-servers: info: no valid RRSIG resolving 'dc-msedge.net/DS/IN': 192.5.6.30#53
15-Apr-2020 18:14:54.009 lame-servers: info: no valid RRSIG resolving 'facebook.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:16:20.039 lame-servers: info: no valid RRSIG resolving 'pphosted.com/DS/IN': 192.5.6.30#53

a number of these [most?] are zones that are signed, and some don't even exist, so i'm curious about seeing these messages. what am i not understanding, and/or what can i do to troubleshoot further?

thanks!
Sten Carlsen
2020-04-17 19:01:28 UTC
I see lots of lines like this. They all come from people trying to break into my SSH.
--
Best regards
Sten Carlsen


For every problem, there is a solution that
is simple, elegant, and wrong.
HL Mencken
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
Mark Andrews
2020-04-17 23:01:20 UTC
They are almost certainly the result of running an older version of named and packet loss
causing named to fall back to plain DNS which doesn’t return DNSSEC records. Newer versions
of named don’t fall back to plain DNS on packet loss.

5029. [func] Workarounds for servers that misbehave when queried
with EDNS have been removed, because these broken
servers and the workarounds for their noncompliance
cause unnecessary delays, increase code complexity,
and prevent deployment of new DNS features. See
https://dnsflagday.net for further details. [GL #150]

BIND 9.14.0 is the first non-development version with this behaviour.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org
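
A triage sketch for the log lines quoted in this thread, added here as an example and not code from any poster or from BIND: it groups the "no valid RRSIG" messages by upstream server and record type, to show whether the failures follow individual zones or the path to one server. The function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# First three lines are copied from the thread; the last two are constructed.
SAMPLE_LOG = """\
15-Apr-2020 18:11:46.057 lame-servers: info: no valid RRSIG resolving 'jwplayer.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:11:46.150 lame-servers: info: no valid RRSIG resolving 'tranet.net/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:25.189 lame-servers: info: no valid RRSIG resolving 'b.com/DS/IN': 192.5.6.30#53
15-Apr-2020 18:12:40.000 lame-servers: info: no valid RRSIG resolving 'www.example.org/A/IN': 203.0.113.7#53
15-Apr-2020 18:12:41.000 queries: info: client 198.51.100.9#4242: query: example.org IN A
"""

# Timestamp, 'name/type/class', then the upstream server the reply came from.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) lame-servers: info: no valid RRSIG resolving "
    r"'(?P<name>[^/']+)/(?P<rtype>[^/']+)/(?P<rclass>[^/']+)': "
    r"(?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)$"
)

def parse(log_text):
    """Return one dict per 'no valid RRSIG' line; other log lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := LINE_RE.match(line.strip()))]

def summarize(records):
    """Count failures per upstream server, per record type, and per DS parent."""
    by_server = Counter(r["server"] for r in records)
    by_rtype = Counter(r["rtype"] for r in records)
    # A DS RRset is served by the parent side of the delegation; the name
    # minus its first label is used here as an approximation of that parent.
    ds_parent = Counter(r["name"].rstrip(".").split(".", 1)[-1]
                        for r in records if r["rtype"] == "DS")
    return {"by_server": by_server, "by_rtype": by_rtype, "ds_parent": ds_parent}

def dominant_server(records, threshold=0.7):
    """Return (server, share) when one upstream accounts for at least
    `threshold` of the failures, else None."""
    if not records:
        return None
    server, hits = Counter(r["server"] for r in records).most_common(1)[0]
    share = hits / len(records)
    return (server, share) if share >= threshold else None

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(summarize(recs))
    print(dominant_server(recs))
```

When nearly every failure is a DS lookup answered by the same upstream address, the common factor is that server or the network path to it rather than the signing state of the individual zones.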
btb
2020-04-17 23:10:44 UTC
thanks-

named -v
BIND 9.14.8-Ubuntu (Stable Release) <id:5d87f66>

dpkg -s bind9
Package: bind9
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 872
Maintainer: Debian DNS Team <team+***@tracker.debian.org>
Architecture: amd64
Version: 1:9.14.8-1+ubuntu19.10.1+isc+1
Replaces: bind (<< 1:9.13.6~)
[...]
Homepage: https://www.isc.org/downloads/bind/

does that mean in theory the version we're running would be new enough we shouldn't be seeing that particular symptom?

thanks