Hi Rainer, On 23-01-19 10:55, Rainer Duffner via Unbound-users wrote: > Hi, > > somebody complained that our resolvers could no longer resolve > energystar.gov > > https://dnssec-analyzer.verisignlabs.com/energystar.gov > > It seems the reports of the crumbling security of the .gov domain as a > side-effect of the shutdown aren't exaggerated: > > https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html > > > > Or am I doing something wrong?
You are not wrong here, the zone contains expired signatures and does therefore not validate. -- Ralph > > > Strange enough, our AD resolvers that forward to our unbound validating > resolvers still report an IP, with a TTL of 0 (zero, nought). > > > > Rainer
