[Unbound-users] Strange validation failures for some wildcard CNAMEs
ondrej at caletka.cz
Mon Sep 22 12:58:23 CEST 2014
Dne 17.9.2014 16:05, Ondřej Caletka napsal(a):
> I'm having an issue with validating particular domain names:
> $ dig _25._tcp.mail.relia-pc.cz tlsa
> $ dig _443._tcp.kinderporno.cz tlsa
> - validates with BIND, fails with Unbound 1.4.21
> - unbound-host says that cname proof failed
> I'm suspecting that there is something wrong on the authoritative side
> since both domains are hosted on the same set of servers. But I'm not
> able to figure out, what exactly is wrong and how the answers should
> look like to be validated successfully by Unbound.
I think I've found answer in DANE WG ML:
Looks like the issue is actually caused by bad wildcard DNSSEC
processing in djbdns.
Thanks for help.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4287 bytes
Desc: Elektronicky podpis S/MIME
More information about the Unbound-users