FW: Validation failure signature crypto failed

Jac Backus j.backus at bugworks.com
Wed Jan 25 10:35:36 UTC 2017


Hello Andreas,

Thanks, that is useful.

Why does dnsviz not show the TXT record without selecting it in Advanced?
Did they only sign the A record?

With kind regards,

Jac

-----Oorspronkelijk bericht-----
Van: A. Schulze [mailto:sca at andreasschulze.de] 
Verzonden: dinsdag 24 januari 2017 23:15
Aan: Jac Backus <j.backus at bugworks.com>; unbound-users at unbound.net
Onderwerp: Re: FW: Validation failure signature crypto failed



Am 24.01.2017 um 22:11 schrieb Jac Backus:
> But for mail.crypsys.nl dnsviz.net shows only an A record, but no TXT record:

http://dnsviz.net/d/mail.crypsys.nl/dnssec/

- click "update now"
- click "Advanced options (forced ancestor analysis, recursive, explicit delegation, etc.)"
- select "TXT" as Extra Typ
- click Analyze
- DNSSEC and Response proof the TXT-Record has an invalid signature

Disable DNSSEC validation for that domain in your unbound.conf (domain-insecure: mail.crypsys.nl) and try to contact the domain owner.

Andreas



More information about the Unbound-users mailing list