Maintained by: NLnet Labs

[Unbound-users] Logging DNSsec errors

Michiel Piscaer
Thu Feb 7 23:19:27 CET 2013


Hi,

Our unbound installation is handeling 2044 DNS query's per seconde, on
this installation we do DNSsec validation. In the .nl zone DNSsec is
actively used. For a lot of domain administrators DNSsec is a new
protocol. This results in zones that are mis-configured for DNSsec. This
way our client can not visit the website. The client checks why he can't
vite the website with friends or google DNS. Those services are not
validating with DNSSec so the website is reachable. 

This results in an question on our helpdesk by the client.

Now my question:

I want to know two this.

1. Is it possible to get statistics about ServFails because of DNSSec?
2. I whould like to generate an log file or syslog message what query is
not DNSsec valid?

Kind regards,

Michiel Piscaer