I noticed this several months ago, and figured it was just my setup, but now I've updated to 0.8, noticed the same problem with my install of dnssec-trigger (which uses unbound as well), and noticed a comment on https://addons.mozilla.org/en-US/firefox/addon/extended-dnssec-validator/reviews/ that complains of an invalid signature on mozilla.com, so I figure I'd better get responsible and file a report.
Here are two sites I'm sure have valid signatures, but are being reported as insecure:
I've tried using my local validating resolver, my ISP's upstream resolver, and the Google public DNS service. No luck.
I noticed this several months ago, and figured it was just my setup, but now I've updated to 0.8, noticed the same problem with my install of dnssec-trigger (which uses unbound as well), and noticed a comment on https://addons.mozilla.org/en-US/firefox/addon/extended-dnssec-validator/reviews/ that complains of an invalid signature on mozilla.com, so I figure I'd better get responsible and file a report.
Here are two sites I'm sure have valid signatures, but are being reported as insecure:
I've tried using my local validating resolver, my ISP's upstream resolver, and the Google public DNS service. No luck.