Hello Andreas, Thanks, that is useful.
Why does dnsviz not show the TXT record without selecting it in Advanced? Did they only sign the A record? With kind regards, Jac -----Oorspronkelijk bericht----- Van: A. Schulze [mailto:[email protected]] Verzonden: dinsdag 24 januari 2017 23:15 Aan: Jac Backus <[email protected]>; [email protected] Onderwerp: Re: FW: Validation failure signature crypto failed Am 24.01.2017 um 22:11 schrieb Jac Backus: > But for mail.crypsys.nl dnsviz.net shows only an A record, but no TXT record: http://dnsviz.net/d/mail.crypsys.nl/dnssec/ - click "update now" - click "Advanced options (forced ancestor analysis, recursive, explicit delegation, etc.)" - select "TXT" as Extra Typ - click Analyze - DNSSEC and Response proof the TXT-Record has an invalid signature Disable DNSSEC validation for that domain in your unbound.conf (domain-insecure: mail.crypsys.nl) and try to contact the domain owner. Andreas
