[Unbound-users] Expired RRSIGs, yet still "AD" flag set
lampe at hauke-lampe.de
Wed Mar 30 13:04:15 UTC 2011
On 30.03.2011 14:54, Andreas Schulze wrote:
>> I have a case here where RRSIGs expired, yet Unbound still sets the "AD"
>> flag in responses.
> not here: (unbound-1.4.9)
> # unbound-host -C /etc/unbound/unbound.conf -v mixmaster.mixmin.net.
> mixmaster.mixmin.net. mail is handled by 10 snorky.mixmin.net. (insecure)
You're right. mixmin.net isn't chained from .net anymore (it used to
be). It's still listed in dlv.isc.org, that's where my resolver got the
trust chain from. I notified the domain owner. He'll fix it soon.
I was just curious why mail to that domain still got delivered, even
though the BIND resolver logged lots of validation failures.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users