Re: Validation failure signature crypto failed

> On Jan 25, 2017, at 1:57 PM, Jac Backus wrote: > > I wondered if it was, because the zone was only signed partially. So it shows > only the A record, because that is all that is signed. And the TXT record is > not signed. > But I suppose that may not even be

Re: Validation failure signature crypto failed

> On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users > wrote: > > Why does dnsviz not show the TXT record without selecting it in Advanced? It was simply a choice of efficiency. By default queries for MX, TXT, NS, and SOA are only issued if the name is a

Re: DNSSEC validaion fail for _25._tcp.eldinhadzic.com

On Fri, Jul 15, 2016 at 4:13 AM, A. Schulze via Unbound-users < unbound-users@unbound.net> wrote: > > DNSVIZ say it's valid: > http://dnsviz.net/d/_25._tcp.eldinhadzic.com/dnssec/ > how can I check my unbound could validate such data at all? > > I've added some checks to DNSViz to flag problems

Re: message is bogus, non secure rrset with Unbound as local caching resolver

On Thu, Mar 3, 2016 at 6:43 AM, Tony Finch via Unbound-users < unbound-users@unbound.net> wrote: > Havard Eidnes wrote: > > > > > CD=1 is the wrong thing when querying a forwarder. When a > > > domain is partly broken, queries that work with CD=0 can be > > > forced to fail with

Re: SOLVED: postbank.de / dslbank.de and DNSSEC and DANE

On Tue, Feb 2, 2016 at 11:59 AM, A. Schulze via Unbound-users < unbound-users@unbound.net> wrote: > > if I disable "use-caps-for-id" I get NXDOMAIN from unbound. > so "caps-whitelist: postbank.de" solved the issue for me. > > Looks like the postbank.de servers aren't performing a proper NSEC3

Re: Unbound and DNSSEC - different answers from 1.4.22 and 1.5.6

On Wed, Nov 25, 2015 at 10:19 AM, Aleš Rygl wrote: > I am running Unbound 1.4.22 on Debian 7.9 for production and have also > installed Unbound 1.5.6-1 on Debian 8.2. Both are validating with nearly > identical config. > In the 1.5.5 release, the following default