[Unbound-users] Validation failure of DNSSEC signed domain names

Zbynek Michl zbynek.michl at nic.cz
Thu Apr 29 17:21:23 UTC 2010


On 29.4.2010 17:56, Zbynek Michl wrote:
>> I have just made fixes to svn trunk that may help in this case. But
>> they may not be sufficient to help you here (its about looking in the
>> key cache to see if nic.cz needs DNSSEC).
>
> Ok, thanks, I will try the latest trunk version.

Hmm, r2106 experiences the same issue :(

It seems that there is no exact change between correct/incorrect validation in 
the one time point. On the start there are all answers correct, and when I am 
trying more and more (different in a few cycles) requests, then there are more 
and more incorrect answers. And in some time point all answers are incorrect 
from the resolver until cache is flushed (probably).

Regards,
Zbynek



More information about the Unbound-users mailing list