> On Jan 25, 2017, at 1:57 PM, Jac Backus wrote:
>
> I wondered if it was, because the zone was only signed partially. So it shows
> only the A record, because that is all that is signed. And the TXT record is
> not signed.
> But I suppose that may not even be
: Casey Deccio [mailto:ca...@deccio.net]
Verzonden: woensdag 25 januari 2017 20:19
Aan: Jac Backus
CC: A. Schulze; unbound-users@unbound.net
Onderwerp: Re: Validation failure signature crypto failed
> On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users
> <unbound-users@unbound.n
> On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users
> wrote:
>
> Why does dnsviz not show the TXT record without selecting it in Advanced?
It was simply a choice of efficiency. By default queries for MX, TXT, NS, and
SOA are only issued if the name is a
Am 24.01.2017 um 22:11 schrieb Jac Backus:
> But for mail.crypsys.nl dnsviz.net shows only an A record, but no TXT record:
http://dnsviz.net/d/mail.crypsys.nl/dnssec/
- click "update now"
- click "Advanced options (forced ancestor analysis, recursive, explicit
delegation, etc.)"
- select
Am 24.01.2017 um 16:56 schrieb W.C.A. Wijngaards via Unbound-users:
> It means that the contents of the TXT record have been altered, and the
> text in it does not match the RRSIG digital signature. If this was a
> spurious technical failure, it could be due to upper/lowercase somehow
>
Hi Jac,
I don't really know about postfix or email, but 'signature crypto
failed' means that the data did not match the signature. Thus SERVFAIL
is the correct rcode.
It means that the contents of the TXT record have been altered, and the
text in it does not match the RRSIG digital signature.
contains bad rrsets
Jan 24 13:44:25 unbound[487:0] info: validation failure : signature crypto failed from 2.2.2.2
Is this a valid SERVFAIL?
Could some help me? Thanks.
With kind regards,
Jac