Hello Karel,

I'm using Firefox.

I forgot that you are using libunbound. I vaguely remember that Unbound <1.4.8 is validating using the conservative approach. Upgrading to a newer version will likely resolve the issue.

Daniel

On 01.08.16 10:37, Karel Slany wrote:
> Hello Daniel,
>
> you didn't write which browser you were using.
>
> The add-on uses libunbound internally. We are probably going to create a
> new release of the extension (for Firefox only) using the latest version of
> the library.
>
> We have been struggling with the support of the DNSSEC/TLSA Validator
> extension because of the constantly changing APIs in browsers and
> increasing limitations of the interfaces. We will probably cancel the
> support for all browsers except Firefox.
>
> Best regards,
> Karel.
>
> On 25.07.2016 at 17:29, Daniel Stirnimann wrote:
>> Hi
>>
>> I noticed that onion.link is currently rolling from algo 5 to 8. See
>> http://dnsviz.net/d/onion.link/V5YqSw/dnssec/
>>
>> DNSviz contains an error "notice":
>> link to onion.link: The DS RRset for the zone included algorithm 5
>> (RSASHA1), but no DS RR matched a DNSKEY with algorithm 5 that signs the
>> zone's DNSKEY RRset.
>>
>> Reading 4.1.4. Algorithm Rollovers (RFC 6781)
>> (https://tools.ietf.org/html/rfc6781#section-4.1.4), I interpret it that
>> it is only a notice and not a warning because it validates using the
>> more liberal approach. In fact, it validates on my BIND resolver.
>>
>> Is dnssec-validator add-on using the conservative approach? If so, I
>> believe this is a mistake and should be resolved, not?
>>
>> Daniel
>>
>> _______________________________________________
>> dnssec-validator-users mailing list
>> [email protected]
>> https://lists.nic.cz/cgi-bin/mailman/listinfo/dnssec-validator-users
>>
>

-- 
SWITCH
Daniel Stirnimann, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 24
[email protected], http://www.switch.ch
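A simplified model of the two validation policies discussed in this thread, added here as an illustration; it is not code from the extension, libunbound or either poster. The key tags, the `valid` flag standing in for real signature verification, and the policy names (used as in the thread: `liberal` accepts any DS algorithm with a working chain, `conservative` requires every algorithm in the DS RRset to have one) are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int

@dataclass(frozen=True)
class DNSKEY:
    key_tag: int
    algorithm: int

@dataclass(frozen=True)
class RRSIG:  # signature over the zone's DNSKEY RRset
    key_tag: int
    algorithm: int
    valid: bool  # assumption: stand-in for cryptographic verification

def verified_algorithms(ds_set, dnskeys, rrsigs):
    """Algorithms where a DS matches a DNSKEY that validly signs the DNSKEY RRset."""
    keys = {(k.key_tag, k.algorithm) for k in dnskeys}
    good = {(s.key_tag, s.algorithm) for s in rrsigs if s.valid}
    return {d.algorithm for d in ds_set
            if (d.key_tag, d.algorithm) in keys & good}

def validate(ds_set, dnskeys, rrsigs, policy):
    """Return 'secure' or 'bogus' for the delegation under the given policy."""
    ds_algs = {d.algorithm for d in ds_set}
    ok = verified_algorithms(ds_set, dnskeys, rrsigs)
    if policy == "liberal":        # one working chain of trust is enough
        return "secure" if ok else "bogus"
    if policy == "conservative":   # every algorithm in the DS RRset must work
        return "secure" if ok and ok == ds_algs else "bogus"
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample mirroring the DNSViz notice: the parent publishes DS
# records for algorithms 5 and 8, but only an algorithm 8 key signs the
# zone's DNSKEY RRset. Key tags are made up.
ROLLOVER_DS = [DS(11111, 5), DS(22222, 8)]
ROLLOVER_KEYS = [DNSKEY(22222, 8)]
ROLLOVER_SIGS = [RRSIG(22222, 8, True)]

if __name__ == "__main__":
    for policy in ("liberal", "conservative"):
        print(policy, validate(ROLLOVER_DS, ROLLOVER_KEYS, ROLLOVER_SIGS, policy))
```
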
