DNSSEC validation failure logging¶

This module adds error message for each DNSSEC validation failure.It is meant to provide hint to operators which queries should beinvestigated using diagnostic tools likeDNSViz.

Add following line to your configuration file to enable it:

modules.load('bogus_log')

Example of error message logged by this module:

DNSSEC validation failure dnssec-failed.org. DNSKEY

List of most frequent queries which fail as DNSSEC bogus can be obtained at run-time:

>bogus_log.frequent()[1]=>{[type]=>DNSKEY[count]=>1[name]=>dnssec-failed.org.}[2]=>{[type]=>DNSKEY[count]=>13[name]=>rhybar.cz.}

Please note that in future this module might be replacedwith some other way to log this information.