On Oct 12, 2009, at 11:05 PM, David Blacka wrote:
On Oct 12, 2009, at 4:44 PM, Stephane Bortzmeyer wrote:
Indeed, it fails for me through Unbound.
Me too. unbound-host reports the following:
% unbound-host -f /usr/local/etc/unbound/anchors.mf -vd -t soa se
...
[1255381375] libunbound[24020:0] info: Successfully primed trust
anchor <SE. DNSKEY IN>
[1255381375] libunbound[24020:0] info: Validate: message contains
bad rrsets
se has SOA record catcher-in-the-rye.nic.se. registry-
default.nic.se. 2009101211 1800 1800 2419200 7200 (BOGUS (security
failure))
oops.
I managed to replicate the validation failure at the apex. SE also
contains a TXT record at its apex. That seems to validate correctly.
--Olaf
________________________________________________________
Olaf M. Kolkman NLnet Labs
Science Park 140,
http://www.nlnetlabs.nl/ 1098 XG Amsterdam
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
