[dns-operations] DNSSEC validation - salliemae.com

Robert Blayzor rblayzor.bulk at inoc.net
Thu Aug 8 18:27:23 UTC 2019

On 8/8/19 2:07 PM, Joe Abley wrote:
> I get a response with a signature:
> [anchovy:~]% dig @ salliemae.com IN A +dnssec +multiline

I think it was more my point is that their NS records and SOA records
return a bad signature and hence SERVFAIL.

I would probably expect that to cause all kinds of other problems;
perhaps thats the reason why it's broken in unbound.

This is the only domain I'm having a problem with with unbound
resolving. Like I said, in unbound I'm sometimes getting a timeout and
other times just getting a SERVFAIL.

XMPP: rblayzor.AT.inoc.net
PGP:  https://pgp.inoc.net/rblayzor/

More information about the dns-operations mailing list