> On Jan 25, 2017, at 1:57 PM, Jac Backus wrote:
>
> I wondered if it was, because the zone was only signed partially. So it shows
> only the A record, because that is all that is signed. And the TXT record is
> not signed.
> But I suppose that may not even be
> On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users
> wrote:
>
> Why does dnsviz not show the TXT record without selecting it in Advanced?
It was simply a choice of efficiency. By default queries for MX, TXT, NS, and
SOA are only issued if the name is a
On Fri, Jul 15, 2016 at 4:13 AM, A. Schulze via Unbound-users <
unbound-users@unbound.net> wrote:
>
> DNSVIZ say it's valid:
> http://dnsviz.net/d/_25._tcp.eldinhadzic.com/dnssec/
> how can I check my unbound could validate such data at all?
>
>
I've added some checks to DNSViz to flag problems
On Thu, Mar 3, 2016 at 6:43 AM, Tony Finch via Unbound-users <
unbound-users@unbound.net> wrote:
> Havard Eidnes wrote:
> >
> > > CD=1 is the wrong thing when querying a forwarder. When a
> > > domain is partly broken, queries that work with CD=0 can be
> > > forced to fail with
On Tue, Feb 2, 2016 at 11:59 AM, A. Schulze via Unbound-users <
unbound-users@unbound.net> wrote:
>
> if I disable "use-caps-for-id" I get NXDOMAIN from unbound.
> so "caps-whitelist: postbank.de" solved the issue for me.
>
>
Looks like the postbank.de servers aren't performing a proper NSEC3
On Wed, Nov 25, 2015 at 10:19 AM, Aleš Rygl
wrote:
> I am running Unbound 1.4.22 on Debian 7.9 for production and have also
> installed Unbound 1.5.6-1 on Debian 8.2. Both are validating with nearly
> identical config.
>
In the 1.5.5 release, the following default