bogus key: bad keys, broken trust chain
Hey i got the following log excerpt while trying to resolve postbank.de (a decently sized german bank)
Sep 13 14:44:16 netmgmt kresd[11685]: [gnutls] (5) REC[0x558a3d6140]: Decrypted Packet[23] Application Data(23) with length: 1738
Sep 13 14:44:16 netmgmt kresd[11685]: [gnutls] (3) ASSERT: buffers.c[_gnutls_io_read_buffered]:589
Sep 13 14:44:16 netmgmt kresd[11685]: [gnutls] (3) ASSERT: record.c[_gnutls_recv_int]:1777
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][iter] <= rcode: NOERROR
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][resl] <= server: '1.1.1.1' rtt: 21 ms
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][resl] => resuming yielded answer
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][vldr] >< bogus key: postbank.de. DNSKEY (0 matching RRSIGs, 0 expired, 0 not yet valid, 0 invalid signer, 0 invalid label count, 0 invalid key, 0 invalid crypto, 0 invalid NSEC)
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][vldr] <= bad keys, broken trust chain
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][cach] => not overwriting DNSKEY postbank.de.
Sep 13 14:44:16 netmgmt kresd[11685]: [14255.14][resl] finished: 0, queries: 4, mempool: 49200 B
Im forwarding my queries using TLS_FORWARD to 1.1.1.1 a server which i had no issues with previously.
What do i need to look for here, are my local keys invalid?