Validation failure signature crypto failed

Jac Backus j.backus at bugworks.com
Wed Jan 25 20:57:09 UTC 2017


Thanks, Casey, for the explanation.

I wondered if it was, because the zone was only signed partially. So it shows only the A record, because that is all that is signed. And the TXT record is not signed. 
But I suppose that may not even be possible.

Jac

-----Oorspronkelijk bericht-----
Van: Casey Deccio [mailto:casey at deccio.net] 
Verzonden: woensdag 25 januari 2017 20:19
Aan: Jac Backus
CC: A. Schulze; unbound-users at unbound.net
Onderwerp: Re: Validation failure signature crypto failed


> On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users <unbound-users at unbound.net> wrote:
> 
> Why does dnsviz not show the TXT record without selecting it in Advanced?

It was simply a choice of efficiency.  By default queries for MX, TXT, NS, and SOA are only issued if the name is a zone apex because it is more common to see those records at a zone apex.  It would be a bit slower and require more storage to keep track of the less common case.  The option of specifying TXT (and others) allows some flexibility beyond the defaults.

Casey



More information about the Unbound-users mailing list