[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)

Lutz Donnerhacke lutz at iks-jena.de
Tue Jan 8 21:30:30 UTC 2008

* Patrik Fältström wrote:
> error is found (by someone), what should happen? Should as a last  
> resort the domain be withdrawn?

As the starter of this subthread, I'd like to clarify my personal clash with
the AFNIC domain checking tools. First we had several problems, due to
misconfigurations in ipv6 reverse zones, hidden primaries etc. pp. in order
to get the FR delegation fly.

After a long time, I switch the NS of this zone to DNSSEC validation and to
use the signed root. In consequence we received an e-mail explaining, that
the server does not respond with the ICANN servers for "." and the zone was
not longer delegated from FR. I was somewhat surprised. This server is now
one of the few non validation servers. I do not know what really happend, it
might be the registrars fault or something more obscure, but I deeply
remember the connection between DNSSEC and FR delegation removal ...

More information about the dns-operations mailing list