Maintained by: NLnet Labs

[Unbound-users] Strange validation failures for some wildcard CNAMEs

Ondřej Caletka
Wed Sep 17 16:05:35 CEST 2014


Hi,

I'm having an issue with validating particular domain names:

$ dig _25._tcp.mail.relia-pc.cz tlsa
$ dig _443._tcp.kinderporno.cz tlsa
 - validates with BIND, fails with Unbound 1.4.21
 - unbound-host says that cname proof failed

I'm suspecting that there is something wrong on the authoritative side
since both domains are hosted on the same set of servers. But I'm not
able to figure out, what exactly is wrong and how the answers should
look like to be validated successfully by Unbound.

Thanks in advance for any help.

--
Ondřej Caletka


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4287 bytes
Desc: Elektronicky podpis S/MIME
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140917/6cab8047/attachment-0001.bin>