Leading zeroes in in (r|s)-parameters of ECDSA signature cause validation to fail #14
Description
since this morning, we get
. 0 CLASS65280 TXT "Could not establish validation of INSECURE status of unsigned response. Reason: Did not match a DS to a DNSKEY."
e.g. for MX of bger.ch
any hints what wrong ?
212.25.1.1 is the resolver.
<<query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15318
;; flags: rd ; qd: 1 an: 0 au: 0 ad: 0
;; QUESTIONS:
;; bger.ch., type = MX, class = IN
;; ANSWERS:
;; AUTHORITY RECORDS:
;; ADDITIONAL RECORDS:
;; Message size: 0 bytes
DEBUG [Thread-106] - got response: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15318
;; flags: qr ; qd: 1 an: 0 au: 0 ad: 1
;; QUESTIONS:
;; bger.ch., type = MX, class = IN
;; ANSWERS:
;; AUTHORITY RECORDS:
;; ADDITIONAL RECORDS:
. 0 CLASS65280 TXT "Could not establish validation of INSECURE status of unsigned response. Reason: Did not match a DS to a DNSKEY."
iWay claims they didn't change anything and all is working properly