Bind : validating : dlv.isc.org SOA: got insecure response; parent indicates it should be secure

By | November 7, 2012

Have you notified this error message in the logs since bind-9.8.2 update?

named: validating @0x7fc170001550: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
named: error (insecurity proof failed) resolving ‘dlv.isc.org/DLV/IN’: 0.0.0.0#53

This is related to the new DNSSEC feature which is now enabled by default. This might indicate the DNS resolvers/forwarders you are using does not support DNSSEC so the response appear to be insecure to your server.

You can either use resolvers that support DNSSEC or temporarily disable the feature on your server. To disable it, simply use those parameters in your “named.conf” :

dnssec-enable no;
dnssec-validation no;