Reasons of SERVFAIL

Ondřej Surý ondrej at isc.org
Sat Feb 8 11:05:23 UTC 2020


If `dig +dnssec +cd emeraldonion.org mx` gives you answers and `dig +dnssec emeraldonion.org mx` does not, then it’s most probably a validation failure.

Then of course, based on your logging setup, the validation failures might be visible in the BIND 9 log.

Ondrej
--
Ondřej Surý
ondrej at isc.org

> On 8 Feb 2020, at 02:53, Alessandro Vesely <vesely at tana.it> wrote:
> 
> Hi,
> 
> thank you for your prompt reply!
> 
> On Sat 08/Feb/2020 11:39:05 +0100 Ondřej Surý wrote:
>>> How do I fix this issue?
>> 
>> 
>> You don’t, their DNSSEC is broken:
>> 
>> https://dnsviz.net/d/emeraldonion.org/dnssec/
> 
> 
> I see.  Is there a command to diagnose that locally?
> 
> 
>> They have to either start signing again or remove the DS record from the parent (org).
> 
> 
> Fine, I'll forward your suggestion direct-to-mx
> 
> 
> Best
> Ale
> -- 
> 
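
The comparison described in the message above (a validating query against the same query with `+cd`), as an added shell example that is not part of the original thread. The function names are hypothetical, the sample `dig` headers are constructed, and the script also labels the case where the failure persists with checking disabled.

```shell
#!/bin/sh
# Added example: decide whether a SERVFAIL is a DNSSEC validation failure by
# comparing a normal query with a +cd (checking disabled) query.

# status_of: print the RCODE from the header of dig output read on stdin.
status_of() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# answers_of: print the ANSWER count from the flags line of dig output.
answers_of() {
    sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# classify NORMAL_OUTPUT CD_OUTPUT: compare the two responses.
classify() {
    normal_status=$(printf '%s\n' "$1" | status_of)
    cd_status=$(printf '%s\n' "$2" | status_of)
    cd_answers=$(printf '%s\n' "$2" | answers_of)
    if [ "$normal_status" = "SERVFAIL" ] && [ "$cd_status" = "NOERROR" ] \
        && [ "${cd_answers:-0}" -gt 0 ]; then
        echo "validation-failure"   # data exists but does not validate
    elif [ "$normal_status" = "SERVFAIL" ] && [ "$cd_status" = "SERVFAIL" ]; then
        echo "not-validation"       # fails even with checking disabled
    elif [ "$normal_status" = "NOERROR" ]; then
        echo "resolves"
    else
        echo "inconclusive"
    fi
}

# diagnose NAME TYPE [@RESOLVER]: run both queries through a validating
# resolver (the system default unless @RESOLVER is given) and classify them.
diagnose() {
    classify "$(dig +dnssec "$1" "$2" ${3:+"$3"})" \
             "$(dig +dnssec +cd "$1" "$2" ${3:+"$3"})"
}

# Constructed dig header lines (not captured from a real resolver).
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
```

With `dig` installed, `diagnose emeraldonion.org mx` runs the two queries from the message; the result is only meaningful when the resolver being queried performs DNSSEC validation.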



More information about the bind-users mailing list