[Unbound-users] Expired RRSIGs, yet still "AD" flag set

Hauke Lampe lampe at hauke-lampe.de
Wed Mar 30 13:48:06 UTC 2011

Jan-Piet Mens wrote:

----- Original message -----
> > I was just curious why mail to that domain still got delivered, even
> > though the BIND resolver logged lots of validation failures.
> Maybe from MXs that are using non-validating resolvers?

I'm the sender, not the receiver.

The mailserver uses two resolvers, BIND and Unbound. BIND returned SERVFAIL while Unbound still served a "validated" answer. Both should have cached the answer earlier, as there's a constant flow of mail towards mixmin.net from here. I don't know if it had already expired from BIND's cache, though.


More information about the Unbound-users mailing list