Re: verify failed for dnssec enabled senderdomain

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Mon, 22 Nov 2010 18:14:53 -0800 (PST)

On Mon, 22 Nov 2010, Andreas Schulze wrote:
> Notice the "secure key" and "secure policy" !!!
> but still no valid verify:-(

I mailed you a patch earlier that fixes this. At some point during the
DNS code reworking, the merge of the unbound support code with the rest of
the DNS code base resulted in a check for multiple records. When DNSSEC
is not in use, we want this check because (for example) two TXT records or
a CNAME going nowhere should result in an error. But with DNSSEC, we have
to expect that the TXT record will come back with an accompanying RRSIG
record, and the code was rejecting this case.

This patch will be included in the next release.

> I have "Diagnostics yes" in receivers opendkim
> but DiagnosticDirectory is still empty.

I'm pretty sure that only gets populated for mail that has a "z=" tag
which also fails to verify.

-MSK
Received on Tue Nov 23 2010 - 02:15:25 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:32:54 PST