Maintained by: NLnet Labs

Validation failure signature crypto failed

Casey Deccio
Wed Jan 25 22:04:31 CET 2017


> On Jan 25, 2017, at 1:57 PM, Jac Backus <j.backus at bugworks.com> wrote:
> 
> I wondered if it was, because the zone was only signed partially. So it shows only the A record, because that is all that is signed. And the TXT record is not signed. 
> But I suppose that may not even be possible.

There certainly are cases (with various causes) where RRSIGs are not returned with some RRsets although they are returned with others in the same zone.  In this case, however, RRSIGs are returned for both--if they are queried--but the RRSIG covering the TXT RRset does not validate.

Casey