FW: Validation failure signature crypto failed

A. Schulze sca at andreasschulze.de
Tue Jan 24 20:07:02 UTC 2017

Am 24.01.2017 um 16:56 schrieb W.C.A. Wijngaards via Unbound-users:

> It means that the contents of the TXT record have been altered, and the
> text in it does not match the RRSIG digital signature.  If this was a
> spurious technical failure, it could be due to upper/lowercase somehow
> getting changed (inside the text record), or people editing the contents
> by hand without running the signer again.

at first I could check if disabling dnssec validation help:
$ dig mail.acme.com. txt +cdflag

next I would use an external validator to check if the domain owner
signed the domain correctly.
http://dnsviz.net or https://zonemaster.net are a good services for such jobs.


More information about the Unbound-users mailing list