keltia.net is signed, is in DLV an the signatures are expired since yesterday.
Yet, Unbound 1.3.2 accepts it and flags it as authentic: % dig +dnssec MX keltia.net ; <<>> DiG 9.5.1-P3 <<>> +dnssec MX keltia.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6769 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 13 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;keltia.net. IN MX ;; ANSWER SECTION: keltia.net. 86233 IN MX 10 mail.keltia.net. keltia.net. 86233 IN RRSIG MX 5 2 86400 20091015081308 20090915081308 25800 keltia.net. tXBmSqNYOS3yRbEpWo4Awd6idVvpNlrc02GEx2OYWMwapBDYPoANLhAb kl9lEgsHuVZQpDL//3pylsTAwVUvoy0TVCg7rWjwgvoMo/KTPmYZDldF uYe35HzuUdUJhlcOZbPGr5TtnpXf3cSZljDOp6DKOX879DhlMilsOMvD ZYs= ;; AUTHORITY SECTION: keltia.net. 86233 IN NS ns0.keltia.net. keltia.net. 86233 IN NS ns.frmug.org. keltia.net. 86233 IN NS aran.keltia.net. keltia.net. 86233 IN RRSIG NS 5 2 86400 20091015081308 20090915081308 25800 keltia.net. Sud5y0rCzuQUCjafZazlQ6vw0XC15TmBYDolM9bi6j19ehpgCeurBPGm YqsJwYB1u4L/LeFA56kC5cVZDplrZruafhcLrJKCAscS76QCYikOwV0I 5oIDnG9OMiI2lULeMQqRdZu1kT1qsPGQ9PT32HF9J7PRME5evNlDvxBE lo4= ;; ADDITIONAL SECTION: mail.keltia.net. 86233 IN A 82.230.37.243 mail.keltia.net. 86233 IN AAAA 2001:660:330f:f820:213:72ff:fe15:f44 ns0.keltia.net. 86233 IN A 82.230.37.243 ns0.keltia.net. 86233 IN AAAA 2001:660:330f:f820:213:72ff:fe15:f44 aran.keltia.net. 86233 IN A 88.191.250.24 aran.keltia.net. 86233 IN AAAA 2a01:240:fe00:59::2 mail.keltia.net. 86233 IN RRSIG A 5 3 86400 20091015081308 20090915081308 25800 keltia.net. dm8kHHC1K2jMNAY+TOoqati2dxgSLPegZgTL7xGHVLQrBsvcFZVlptnB VG2KkWXtNoql5GckwEh4n8SYg2r1FA1cTHt1EnO6pD+k54v8z2nwuAiv ju4yZcFgM+tJA4QR7qrdwmnhsvGdcjsf/zkYgCzBStSELo3CSayYXOy0 UuA= mail.keltia.net. 86233 IN RRSIG AAAA 5 3 86400 20091015081308 20090915081308 25800 keltia.net. ZsO9mcE8iNSx39ssAhylrP6vMYXmKWQpW1KXKXWr7P4cfnNM6pe5R/+0 6UrLNV1lMFIUU0MDRn0g3KdFGDt2yd0XDzGo03MUU2UuNl6GtKDMHM5q dQsGXz/LWerlrbPSOuKG5xpOs5rxCdgppYyAwmYo0GNn56WF9lmxrUeD +W8= ns0.keltia.net. 86233 IN RRSIG A 5 3 86400 20091015081308 20090915081308 25800 keltia.net. Q8xG4YnbWZq2J9UASpaX6CBf9wmCKGxpVGy/H6qXZQ3+XA64dwLIOp7N dCh4C5s+3gTOKd8j6qpJ79R8CblobLKFPmcHoVXbZZipHYRaQegWAIKQ hslLCtqtvbzrItroiGTdU0jQshWnqnJByg5JMlL+F0d10yAsfCAFns61 AXM= ns0.keltia.net. 86233 IN RRSIG AAAA 5 3 86400 20091015081308 20090915081308 25800 keltia.net. u2/WbIUXv83LalE644J8iP7GjEfffJsjT7ZWPxCsZrwT3uQCAKtiaYfL XZMHY0vPZ4nORqI5J72w1om1s3bxhs6NAmtISxSYQLpUGLzzyFRTpn7i 68or3eE0B23bI727yhByI3UUyYfbbT13ouKHOPULwHJmFPcgAdhg6Mmo yJc= aran.keltia.net. 86233 IN RRSIG A 5 3 86400 20091015081308 20090915081308 25800 keltia.net. KOXB+XfAPLQcJhWPKCAid+dTt0VvntkcnpFJ2VWyKhnUgQPq42QDORUy aHhPAukDBOQ7yx6GYbEgC8DO/BQXKUGyBTA6erRjcIvM9SdsZJOFV6Cm lIjOPJRe/Q1JjX4MDjPCDux///C5AFMSCNaut2JjnGbweeHV0NpWWbRx QG0= aran.keltia.net. 86233 IN RRSIG AAAA 5 3 86400 20091015081308 20090915081308 25800 keltia.net. EMpt7TYL53rK1ihab8uL5ytArqbVdvtHOMYAtp8sa8xJByEpTOGd9gSP aX8Ba6ifGOwCUONXIYtVRkgXQCxwITSlEbRPODcl/OaL3Yw+rrEgiaru WfZyBsWYLlXMDiRdSUxwld3a6umV267XEq52oeuEj4z0Kr7yvs1UYiNo CI8= ;; Query time: 0 msec ;; SERVER: ::1#53(::1) ;; WHEN: Fri Oct 16 09:26:45 2009 ;; MSG SIZE rcvd: 1615 BIND 9.5.1, rightly so, refuses it: % dig +dnssec MX keltia.net ; <<>> DiG 9.5.1-P3 <<>> +dnssec MX keltia.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48404 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;keltia.net. IN MX ;; Query time: 992 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Oct 16 09:27:03 2009 ;; MSG SIZE rcvd: 39 _______________________________________________ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
