Validation failure signature crypto failed

Casey Deccio casey at deccio.net
Wed Jan 25 21:04:31 UTC 2017


> On Jan 25, 2017, at 1:57 PM, Jac Backus <j.backus at bugworks.com> wrote:
> 
> I wondered if it was, because the zone was only signed partially. So it shows only the A record, because that is all that is signed. And the TXT record is not signed. 
> But I suppose that may not even be possible.

There certainly are cases (with various causes) where RRSIGs are not returned with some RRsets although they are returned with others in the same zone.  In this case, however, RRSIGs are returned for both--if they are queried--but the RRSIG covering the TXT RRset does not validate.

Casey


More information about the Unbound-users mailing list