Thanks, Casey, for the explanation. I wondered if it was, because the zone was only signed partially. So it shows only the A record, because that is all that is signed. And the TXT record is not signed. But I suppose that may not even be possible.
Jac -----Oorspronkelijk bericht----- Van: Casey Deccio [mailto:[email protected]] Verzonden: woensdag 25 januari 2017 20:19 Aan: Jac Backus CC: A. Schulze; [email protected] Onderwerp: Re: Validation failure signature crypto failed > On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users > <[email protected]> wrote: > > Why does dnsviz not show the TXT record without selecting it in Advanced? It was simply a choice of efficiency. By default queries for MX, TXT, NS, and SOA are only issued if the name is a zone apex because it is more common to see those records at a zone apex. It would be a bit slower and require more storage to keep track of the less common case. The option of specifying TXT (and others) allows some flexibility beyond the defaults. Casey
