Using the code below to validate DANE records on different mail servers, I sometimes (close to 50% of the servers tested) get a "System.AggregateException" with the inner exception "Response records could not be validated".

    using System;
    using ARSoft.Tools.Net.Dns;

    var resolver = new SelfValidatingInternalDnsSecStubResolver();
    string mx = "mail2.amedia.nu.";
    // TLSA records for SMTP are published at _25._tcp.<MX host name>
    DnsSecResult<TlsaRecord> result = resolver.ResolveSecure<TlsaRecord>("_25._tcp." + mx, RecordType.Tlsa);
    Console.WriteLine(result.ValidationResult.ToString());

I pasted the first 1000 failed mx servers here for testing: https://pastebin.com/14kqQT06

Any idea why this exception is thrown?

user3713080
  • Give one and only one example to reproduce. Maybe no DNSSEC, so no validation? DNSSEC is mandatory for DANE. – Patrick Mevzek Apr 19 '18 at 22:57
  • I wanted to give a few extra as someone might be able to see a pattern in them. The "mail2.amedia.nu" does not support DNSSEC but shouldn't that give a ValidationResult.Unsigned instead of just throwing an exception? – user3713080 Apr 20 '18 at 09:40
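
A bulk check over a host list like the one in the question has to survive the exception and keep a thrown lookup separate from an Unsigned answer. The sketch below is an added example, not code from the question or from the library's authors; the class name `TlsaTriage`, the `.example.` host names and the stub lookup are constructed for illustration, and treating anything other than Signed as unusable for DANE follows the point in the comments that DNSSEC is mandatory for DANE.

```csharp
using System;
using System.Linq;
using ARSoft.Tools.Net.Dns;

static class TlsaTriage   // hypothetical helper, not part of the library
{
    // Live lookup: the same call as in the question, reduced to its validation result.
    public static DnsSecValidationResult Live(string tlsaName)
    {
        var resolver = new SelfValidatingInternalDnsSecStubResolver();
        return resolver.ResolveSecure<TlsaRecord>(tlsaName, RecordType.Tlsa).ValidationResult;
    }

    // Classify one MX host. A thrown lookup is recorded as a failure and is never
    // folded into "Unsigned": only a Signed answer makes TLSA data usable for DANE.
    public static (bool DaneUsable, string Detail) Check(
        string mxHost, Func<string, DnsSecValidationResult> lookup)
    {
        try
        {
            DnsSecValidationResult r = lookup("_25._tcp." + mxHost);
            return (r == DnsSecValidationResult.Signed, r.ToString());
        }
        catch (AggregateException ex)
        {
            // Flatten nested aggregates so the underlying reason is visible per host.
            var reasons = ex.Flatten().InnerExceptions.Select(e => e.Message).Distinct();
            return (false, "LookupFailed: " + string.Join("; ", reasons));
        }
    }

    static void Main()
    {
        // Constructed stub so the sample runs offline; pass TlsaTriage.Live for real lookups.
        Func<string, DnsSecValidationResult> stub = name => name switch
        {
            "_25._tcp.mx-signed.example." => DnsSecValidationResult.Signed,
            "_25._tcp.mx-plain.example." => DnsSecValidationResult.Unsigned,
            _ => throw new AggregateException(
                new Exception("Response records could not be validated")),
        };
        foreach (var host in new[] { "mx-signed.example.", "mx-plain.example.", "mx-broken.example." })
        {
            var (usable, detail) = Check(host, stub);
            Console.WriteLine($"{host,-20} daneUsable={usable} {detail}");
        }
    }
}
```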

0 Answers