If `dig +dnssec +cd emeraldonion.org mx` will give you answers and `dig +dnssec 
emeraldonion.org mx` does not, then it’s most probably validation failure.

Then of course based on your logging setup, the validation failures might be 
visible in BIND 9 log.

Ondrej
--
Ondřej Surý
ond...@isc.org

> On 8 Feb 2020, at 02:53, Alessandro Vesely <ves...@tana.it> wrote:
> 
> Hi,
> 
> thank you for your prompt reply!
> 
> On Sat 08/Feb/2020 11:39:05 +0100 Ondřej Surý wrote:
>>> How do I fix this issue?
>> 
>> 
>> You don’t, their DNSSEC is broken:
>> 
>> https://dnsviz.net/d/emeraldonion.org/dnssec/
> 
> 
> I see.  Is there a command to diagnose that locally?
> 
> 
>> They have to either start signing again or remove DS record from the parent 
>> (org).
> 
> 
> Fine, I'll forward your suggestion direct-to-mx
> 
> 
> Best
> Ale
> -- 
> 
> 
> 
> 
> 
> 

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to