DNSSEC validation failure loggingΒΆ
This module logs a message for each DNSSEC validation failure (on notice
level
).
It is meant to provide hint to operators which queries should be
investigated using diagnostic tools like DNSViz.
Add following line to your configuration file to enable it:
modules.load('bogus_log')
Example of error message logged by this module:
[dnssec] validation failure: dnssec-failed.org. DNSKEY
List of most frequent queries which fail as DNSSEC bogus can be obtained at run-time:
> bogus_log.frequent()
{
{
['count'] = 1,
['name'] = 'dnssec-failed.org.',
['type'] = 'DNSKEY',
},
{
['count'] = 13,
['name'] = 'rhybar.cz.',
['type'] = 'DNSKEY',
},
}
Please note that in future this module might be replaced with some other way to log this information.