sshfp key verification

Hello!

I have configured my zone to use SSHFP resource records to make addition check of SSH keys. It work if connecting from linux and freebsd hosts:

%ssh -v -o "VerifyHostKeyDNS yes" -p 9922 example.com

OpenSSH_5.2p1 FreeBSD-20090522, OpenSSL 0.9.8k 25 Mar 2009

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Connecting to example.com [1.1.1.1] port 9922.

debug1: Connection established.

debug1: identity file /home/user/.ssh/identity type -1

debug1: identity file /home/user/.ssh/id_rsa type -1

debug1: identity file /home/user/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1

debug1: match: OpenSSH_6.1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.2p1 FreeBSD-20090522

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes192-cbc hmac-ripemd160 none

debug1: kex: client->server aes192-cbc hmac-ripemd160 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: found 1 insecure fingerprints in DNS

debug1: matching host key fingerprint found in DNS

debug1: checking without port identifier

The authenticity of host '[example.com]:9922 ([1.1.1.1]:9922)' can't be established.

RSA key fingerprint is 21:e5:5c:ca:cb:5c:af:3e:45:f6:7f:c7:74:92:4f:b7.

Matching host key fingerprint found in DNS.

Are you sure you want to continue connecting (yes/no)?

But when I try to connect to same host from Mac i have this message:

$ ssh -v -o "VerifyHostKeyDNS yes" -p 9922 example.com

OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011

debug1: Reading configuration data /etc/ssh_config

debug1: Applying options for *

debug1: Connecting to example.com [1.1.1.1] port 9922.

debug1: Connection established.

debug1: identity file /Users/user/.ssh/id_rsa type -1

debug1: identity file /Users/user/.ssh/id_rsa-cert type -1

debug1: identity file /Users/user/.ssh/id_dsa type -1

debug1: identity file /Users/user/.ssh/id_dsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1

debug1: match: OpenSSH_6.1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.6

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes192-cbc hmac-ripemd160 none

debug1: kex: client->server aes192-cbc hmac-ripemd160 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

DNS lookup error: general failure

debug1: checking without port identifier

The authenticity of host '[example.com]:9922 ([1.1.1.1]:9922)' can't be established.

RSA key fingerprint is 21:e5:5c:ca:cb:5c:af:3e:45:f6:7f:c7:74:92:4f:b7.

No matching host key fingerprint found in DNS.

Are you sure you want to continue connecting (yes/no)?

I tried to use same DNS server and it didn't help. Any ideas how to fix this?