FW: Validation failure signature crypto failed
A. Schulze
sca at andreasschulze.de
Tue Jan 24 20:07:02 UTC 2017
Am 24.01.2017 um 16:56 schrieb W.C.A. Wijngaards via Unbound-users:
> It means that the contents of the TXT record have been altered, and the
> text in it does not match the RRSIG digital signature. If this was a
> spurious technical failure, it could be due to upper/lowercase somehow
> getting changed (inside the text record), or people editing the contents
> by hand without running the signer again.
at first I could check if disabling dnssec validation help:
$ dig mail.acme.com. txt +cdflag
next I would use an external validator to check if the domain owner
signed the domain correctly.
http://dnsviz.net or https://zonemaster.net are a good services for such jobs.
Andreas
More information about the Unbound-users
mailing list