<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi all,<br>
<br>
Thank you for bringing this to our attention. The NSEC3 chain is now
operating properly.<br>
<br>
Krzysztof<br>
<br>
<blockquote type="cite"
cite="mid:3bb7cedb-596a-cb67-5ca3-8120e685186a@nask.pl"> <br>
<blockquote type="cite"
cite="mid:1329642625.51112343.1560762863991.JavaMail.zimbra@dns.pl">
<div style="font-family: arial, helvetica, sans-serif;
font-size: 12pt; color: #000000">
<div data-marker="__QUOTED_TEXT__">
<blockquote style="border-left: 2px solid #1010FF;
margin-left: 5px; padding-left: 5px; color: #000;
font-weight: normal; font-style: normal; text-decoration:
none; font-family: Helvetica,Arial,sans-serif; font-size:
12pt;" data-mce-style="border-left: 2px solid #1010FF;
margin-left: 5px; padding-left: 5px; color: #000;
font-weight: normal; font-style: normal; text-decoration:
none; font-family: Helvetica,Arial,sans-serif; font-size:
12pt;"> Date: Mon, 17 Jun 2019 09:48:04 +0200<br>
From: bert hubert <a class="moz-txt-link-rfc2396E"
href="mailto:bert.hubert@powerdns.com"
moz-do-not-send="true"><bert.hubert@powerdns.com></a><br>
To: <a class="moz-txt-link-abbreviated"
href="mailto:dns-operations@dns-oarc.net"
moz-do-not-send="true">dns-operations@dns-oarc.net</a><br>
Subject: .PL DNSSEC broken again<br>
<br>
Hi everyone,<br>
<br>
On the ever vigilant PowerDNS IRC channel, a big
validating operator<br>
reported seeing .pl bogus PowerDNS responses on
apparently unsigned .pl<br>
domain names.<br>
<br>
People looked into it and it appears .PL is handing out
wrong NSEC3 records.<br>
<br>
We have no better diagnosis at this point, but this is
not good for DNSSEC<br>
validation adoption. I hope .pl can look into this
urgently.<br>
<br>
Bert<br>
<br>
<br>
<br>
</blockquote>
</div>
</div>
</blockquote>
</blockquote>
<br>
</body>
</html>