[dns-operations] DNSSEC validation - salliemae.com
rblayzor.bulk at inoc.net
Thu Aug 8 18:27:23 UTC 2019
On 8/8/19 2:07 PM, Joe Abley wrote:
> I get a response with a signature:
> [anchovy:~]% dig @22.214.171.124 salliemae.com IN A +dnssec +multiline
I think it was more my point is that their NS records and SOA records
return a bad signature and hence SERVFAIL.
I would probably expect that to cause all kinds of other problems;
perhaps thats the reason why it's broken in unbound.
This is the only domain I'm having a problem with with unbound
resolving. Like I said, in unbound I'm sometimes getting a timeout and
other times just getting a SERVFAIL.
More information about the dns-operations