[Unbound-users] Expired RRSIGs, yet still "AD" flag set
lampe at hauke-lampe.de
Wed Mar 30 13:48:06 UTC 2011
Jan-Piet Mens wrote:
----- Original message -----
> > I was just curious why mail to that domain still got delivered, even
> > though the BIND resolver logged lots of validation failures.
> Maybe from MXs that are using non-validating resolvers?
I'm the sender, not the receiver.
The mailserver uses two resolvers, BIND and Unbound. BIND returned SERVFAIL while Unbound still served a "validated" answer. Both should have cached the answer earlier, as there's a constant flow of mail towards mixmin.net from here. I don't know if it had already expired from BIND's cache, though.
More information about the Unbound-users