On 17.9.2014 16:05, Ondřej Caletka wrote:
> Hi,
>
> I'm having an issue with validating particular domain names:
>
> $ dig _25._tcp.mail.relia-pc.cz tlsa
> $ dig _443._tcp.kinderporno.cz tlsa
> - validates with BIND, fails with Unbound 1.4.21
> - unbound-host says that cname proof failed
>
> I'm suspecting that there is something wrong on the authoritative side
> since both domains are hosted on the same set of servers. But I'm not
> able to figure out, what exactly is wrong and how the answers should
> look like to be validated successfully by Unbound.
>
Hello again,

I think I've found the answer in the DANE WG ML:
http://www.ietf.org/mail-archive/web/dane/current/msg06960.html

Looks like the issue is actually caused by bad wildcard DNSSEC processing in djbdns.

Thanks for the help.

-- 
Ondřej Caletka
