Hi,
I run 'unbound 1.7.0' on an IPFire 2.19 / Core 119 firewall router for a
few days. Today I found some messages I never saw before:
...
02:47:12 unbound: [22034:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
14:46:54 unbound: [22034:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
18:38:41 unbound: [22034:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
...
I'd like to know what this means - any hints?
Best,
Matthias
Hi Matthias,
I run 'unbound 1.7.0' on an IPFire 2.19 / Core 119 firewall router for a
few days. Today I found some messages I never saw before:...
02:47:12 unbound: [22034:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
14:46:54 unbound: [22034:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
18:38:41 unbound: [22034:0] info: generate keytag query _ta-4a5c-4f66. NULL INI'd like to know what this means - any hints?
Unbound 1.7.0 is doing trust anchor signaling to the root name servers,
according to RFC 8145. See this URL for more details:
https://tools.ietf.org/html/rfc8145
Regards,
Anand Buddhdev
RIPE NCC
Hello,
I initially patched unbound to log this stuff. Wouter included the trivial patch in 1.7.0.
( in fact I only changed the loglevel )
My intention to get this logged was the ability to find these log entries
in our central log aggregation. There I really found miss-configured resolvers in my network.
Seeing this in my log today proof I configured my resolver well 
I'm ready for KSK roll...
That may be useful elsewhere, too.
Andreas
Hi,