DNSSEC validation failure logging

This logs a message for each DNSSEC validation failure (on notice logging level). It is meant to provide hint to operators which queries should be investigated using diagnostic tools like DNSViz.

Add following line to your configuration file to enable it:

logging:
   dnssec-bogus: true

Example of error message logged:

[dnssec] validation failure: dnssec-failed.org. DNSKEY