Re: Validation failure signature crypto failed

2017-01-25 Thread Casey Deccio via Unbound-users
> On Jan 25, 2017, at 1:57 PM, Jac Backus wrote: > > I wondered if it was, because the zone was only signed partially. So it shows > only the A record, because that is all that is signed. And the TXT record is > not signed. > But I suppose that may not even be

RE: Validation failure signature crypto failed

2017-01-25 Thread Jac Backus via Unbound-users
: Casey Deccio [mailto:ca...@deccio.net] Verzonden: woensdag 25 januari 2017 20:19 Aan: Jac Backus CC: A. Schulze; unbound-users@unbound.net Onderwerp: Re: Validation failure signature crypto failed > On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users > <unbound-users@unbound.n

Re: Validation failure signature crypto failed

2017-01-25 Thread Casey Deccio via Unbound-users
> On Jan 25, 2017, at 3:35 AM, Jac Backus via Unbound-users > wrote: > > Why does dnsviz not show the TXT record without selecting it in Advanced? It was simply a choice of efficiency. By default queries for MX, TXT, NS, and SOA are only issued if the name is a

Re: FW: Validation failure signature crypto failed

2017-01-24 Thread A. Schulze via Unbound-users
Am 24.01.2017 um 22:11 schrieb Jac Backus: > But for mail.crypsys.nl dnsviz.net shows only an A record, but no TXT record: http://dnsviz.net/d/mail.crypsys.nl/dnssec/ - click "update now" - click "Advanced options (forced ancestor analysis, recursive, explicit delegation, etc.)" - select

Re: FW: Validation failure signature crypto failed

2017-01-24 Thread A. Schulze via Unbound-users
Am 24.01.2017 um 16:56 schrieb W.C.A. Wijngaards via Unbound-users: > It means that the contents of the TXT record have been altered, and the > text in it does not match the RRSIG digital signature. If this was a > spurious technical failure, it could be due to upper/lowercase somehow >

Re: FW: Validation failure signature crypto failed

2017-01-24 Thread W.C.A. Wijngaards via Unbound-users
Hi Jac, I don't really know about postfix or email, but 'signature crypto failed' means that the data did not match the signature. Thus SERVFAIL is the correct rcode. It means that the contents of the TXT record have been altered, and the text in it does not match the RRSIG digital signature.

FW: Validation failure signature crypto failed

2017-01-24 Thread Jac Backus via Unbound-users
contains bad rrsets Jan 24 13:44:25 unbound[487:0] info: validation failure : signature crypto failed from 2.2.2.2 Is this a valid SERVFAIL? Could some help me? Thanks. With kind regards, Jac