[Pdns-users] Still having DNSSEC validation problems with 3.4.1
bert hubert
bert.hubert at netherlabs.nl
Sat Dec 6 19:46:54 UTC 2014
On Fri, Dec 05, 2014 at 10:55:36AM -0500, Craig Despeaux wrote:
> Dec 05 10:44:47 unbound[26907:7] info: validation failure <net. ANY IN>:
> signature crypto failed from 192.168.0.7
Can you reproduce without 'ANY'? So only A records or SOA records etc.
> Am I missing a step or is PowerDNS broken?
Perhaps. We frequently encounter interoperability problems with DNSSEC,
sometimes with BIND, sometimes with Unbound. Sometimes we are at fault,
sometimes they are, and sometimes we go into deep sceances with RFC authors
to figure that out.
PowerDNS serves the vast majority of DNSSEC zones in the world, so it should
be unlikely that something is terribly broken though. But not too many
people use our BIND backend in presigned mode, so some broken stuff may hide
there.
But let's debug! Feel free to join our IRC channel where we can provide more
immediate feedback. We hang out in #powerdns and #powerdns-dev on OFTC
(irc.oftc.net).
Bert
>
> Thanks,
> Craig
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list