danefail / list

The DANE fail list
MIT License

Remove marketconservative.com #22

Closed desh-se closed 6 years ago

desh-se commented 6 years ago

Halon:

```
hsh: smtp_lookup_rcpt: DANE: No TLSA RR for mx1.marketconservative.com
```

Unbound:

```
# unbound-host -f /var/unbound/db/root.key -dv -t TLSA _25._tcp.mx1.marketconservative.com
[1516141437] libunbound[59448:0] info: response for ns2.psyclonecontacts.net. AAAA IN
Host _25._tcp.mx1.marketconservative.com not found: 3(NXDOMAIN). (secure)
# unbound-host -f /var/unbound/db/root.key -dv -t TLSA _25._tcp.mx2.marketconservative.com
[1516141546] libunbound[33660:0] info: resolving ns1.psyclonecontacts.net. AAAA IN
Host _25._tcp.mx2.marketconservative.com not found: 3(NXDOMAIN). (secure)
```

vdukhovni commented 6 years ago

I see ongoing problems resolving the TLSA records at dnsviz.net:

http://dnsviz.net/d/_25._tcp.mx1.marketconservative.com/dnssec/

It looks to me like unbound is wrong in accepting the incompletely proved NXDomain.

vdukhovni commented 6 years ago

Looks like the issue will be fixed in the next version of unbound, which then will also consider this domain's TLSA response as bogus.

https://unbound.nlnetlabs.nl/pipermail/unbound-users/2018-January/005065.html

desh-se commented 6 years ago

Still bogus data in NODATA/NX proof http://dnsviz.net/d/_25._tcp.mx1.marketconservative.com/dnssec/ and therefore closing ticket as unsolved.
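
The thread turns on whether the validator reports the TLSA denial as secure or bogus, because a DANE-aware sender acts differently on each. The following is an added example, not code from the thread or from the danefail project: it maps `unbound-host -v -t TLSA` output to the sender's action under the usual DANE-for-SMTP policy (RFC 7672). The function names, the placeholder host `mx.example.net`, and every matched line format other than the page's own `not found: 3(NXDOMAIN). (secure)` line are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue thread. Maps `unbound-host -v -t TLSA`
# output to the action a DANE-aware sending MTA should take.
# Only the "not found: 3(NXDOMAIN). (secure)" line format is taken from the
# page; the other line formats matched below are assumptions.

# dane_action: reads unbound-host output on stdin and prints one of
#   use-dane  validated TLSA records exist: authenticate the server with them
#   no-dane   validated denial, or unsigned zone: ordinary opportunistic TLS
#   defer     bogus or missing answer: queue the mail, never downgrade
dane_action() {
    # Drop resolver debug lines like "[1516141437] libunbound[59448:0] info: ..."
    out=$(grep -v 'libunbound\[' || true)
    case "$out" in
        *"(BOGUS"*)                        echo defer ;;
        *"(insecure)"*)                    echo no-dane ;;
        *"has TLSA record"*"(secure)"*)    echo use-dane ;;
        *"not found"*"(secure)"*)          echo no-dane ;;
        *"has no TLSA record"*"(secure)"*) echo no-dane ;;
        *)                                 echo defer ;;
    esac
}

# Constructed sample outputs (mx.example.net is a placeholder name).
sample_secure_nx() {
    printf '%s\n' \
      '[1516141437] libunbound[59448:0] info: response for ns.example.net. AAAA IN' \
      'Host _25._tcp.mx.example.net not found: 3(NXDOMAIN). (secure)'
}
sample_bogus() {
    printf '%s\n' \
      'Host _25._tcp.mx.example.net not found: 2(SERVFAIL). (BOGUS (security failure))'
}

# The same broken zone seen through a validator that accepts the incomplete
# denial proof, and through one that rejects it.
echo "lenient validator: $(sample_secure_nx | dane_action)"
echo "strict validator:  $(sample_bogus | dane_action)"
```

With a validator that accepts the incomplete proof, the sender silently proceeds without DANE; once the validator marks the answer bogus, the same domain causes mail to be deferred instead.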