FW: Validation failure signature crypto failed
Jac Backus
j.backus at bugworks.com
Wed Jan 25 10:35:36 UTC 2017
Hello Andreas,
Thanks, that is useful.
Why does dnsviz not show the TXT record without selecting it in Advanced?
Did they only sign the A record?
With kind regards,
Jac
-----Oorspronkelijk bericht-----
Van: A. Schulze [mailto:sca at andreasschulze.de]
Verzonden: dinsdag 24 januari 2017 23:15
Aan: Jac Backus <j.backus at bugworks.com>; unbound-users at unbound.net
Onderwerp: Re: FW: Validation failure signature crypto failed
Am 24.01.2017 um 22:11 schrieb Jac Backus:
> But for mail.crypsys.nl dnsviz.net shows only an A record, but no TXT record:
http://dnsviz.net/d/mail.crypsys.nl/dnssec/
- click "update now"
- click "Advanced options (forced ancestor analysis, recursive, explicit delegation, etc.)"
- select "TXT" as Extra Typ
- click Analyze
- DNSSEC and Response proof the TXT-Record has an invalid signature
Disable DNSSEC validation for that domain in your unbound.conf (domain-insecure: mail.crypsys.nl) and try to contact the domain owner.
Andreas
More information about the Unbound-users
mailing list