To: bind9-public@isc.org From: michal@isc.org Content-Transfer-Encoding: binary X-Mailer: MIME-tools 5.508 (Entity 5.508) Content-Disposition: inline Message-ID: MIME-Version: 1.0 Subject: Prevent bogus "DNSSEC validation may be at risk" warning from being logged Content-Type: text/plain; charset="utf-8" X-RT-Interface: Web Date: Tue, 21 Nov 2017 11:56:11 +0100 X-RT-Original-Encoding: utf-8 Content-Length: 544 If two key refreshes are triggered (using "rndc managed-keys refresh") and completed within the same second and both receive successfully validated, identical responses that do not cause a new key to be added or an already existing key to be removed, the following message will be logged: 21-Nov-2017 11:45:03.871 managed-keys-zone: error during managed-keys processing (no more): DNSSEC validation may be at risk This message should be suppressed, because the sequence of events causing it to be logged is harmless to DNSSEC validation.