On 15 December 2017 at 6:09:19 pm, W.C.A. Wijngaards via Unbound-users ([email protected]) wrote: When I run unbound-host, I get no errors, ./unbound-host www.wilda.nsec.0skar.czwww.wilda.nsec.0skar.cz -f root.key -v -t A www.wilda.nsec.0skar.czwww.wilda.nsec.0skar.cz has address 85.239.227.179 (secure)
Unbound performs serial arithmatic on the timestamps in the rrsig, according to RFC. (What does that mean? The timestamps are 32bit in the RRSIG, but the value is interpreted relative to the current date. And what you cannot do is express something like a point more than some number of years future or past.) Best regards, Wouter Hello Wouter, Thanks for the insight. Maybe this has something to with the platform? CentOS 6.9: $ unbound-host -v -f /etc/unbound/root.key -t A www.wilda.nsec.0skar.cz www.wilda.nsec.0skar.cz is an alias for flexi.oskarcz.net. (secure) flexi.oskarcz.net has address 85.239.227.179 (secure) MacOS 10.13.2 (High Sierra): $ unbound-host -v -t A -f /usr/local/etc/unbound/root.key www.wilda.nsec.0skar.cz www.wilda.nsec.0skar.cz is an alias for flexi.oskarcz.net. (BOGUS (security failure)) flexi.oskarcz.net has address 85.239.227.179 (BOGUS (security failure)) validation failure <www.wilda.nsec.0skar.cz. A IN>: signature inception after expiration from 85.239.227.179 for key nsec.0skar.cz. while building chain of trust FreeBSD 11.1: $ unbound-host -v -f /usr/local/etc/unbound/root.key -t A www.wilda.nsec.0skar.cz www.wilda.nsec.0skar.cz is an alias for flexi.oskarcz.net. (BOGUS (security failure)) flexi.oskarcz.net has address 85.239.227.179 (BOGUS (security failure)) validation failure <www.wilda.nsec.0skar.cz. A IN>: signature inception after expiration from 2001:1528:132:70::1 for key nsec.0skar.cz. while building chain of trust Kind Regards Sebastian
