Here you go - Feb 11 14:24:31 ns2 named[5927]: validating @0x7f1d48226850: fhr.data.mozilla.com A: no valid signature found Feb 11 14:24:31 ns2 named[5927]: validating @0x7f1d4a56b910: gks3ve6q998vi7v3llirpk67eh1rpm81.mozilla.com NSEC3: no valid signature found Feb 11 14:25:09 ns2 named[5927]: validating @0x7f1d481cbce0: hollywoodreporter.myshopify.com A: no valid signature found Feb 11 14:25:11 ns2 named[5927]: validating @0x7f1d507226f0: valetmag.myshopify.com A: no valid signature found Feb 11 14:25:16 ns2 named[5927]: validating @0x7f1d402b2c10: furniture-zone.myshopify.com A: no valid signature found Feb 11 14:25:27 ns2 named[5927]: validating @0x7f1d48226850: preferences-mgr.truste.com A: no valid signature found Feb 11 14:25:38 ns2 named[5927]: validating @0x7f1d48226850: beastmodecoaching.myshopify.com A: no valid signature found Feb 11 14:25:38 ns2 named[5927]: validating @0x7f1d429a96d0: legendsofaesthetics.myshopify.com A: no valid signature found -----Original Message----- From: Nathan Ward Sent: Tuesday, February 11, 2014 1:44 PM To: Tony Wicks Cc: NZNOG List Subject: Re: [nznog] Validating resolvers for DNS and DNSSEC On 11/02/2014, at 1:21 pm, Tony Wicks <tony(a)wicks.co.nz> wrote:
10,000+ customers resolving with DNSSEC enabled caches and we have noticed no issues with it. The only thing we had to do is disable the DNS sec error logging as it was a lot of noise.
category dnssec { null; };
dnssec-enable yes; dnssec-validation auto; dnssec-lookaside auto;
Error logging isn’t something I’d want to ignore. What sort of errors were you seeing? — Nathan Ward