[dns-operations] .net returning glue and NSEC3 records?
lutz at iks-jena.de
Mon Nov 7 20:34:59 UTC 2011
> We noticed that .net is returning glue for items it also proves via NSEC3
> that it does not exist?
Nope. They are returing the proof, that they do not know the DS entry.
> lanzarote-immobilie.net. NS dns5.sistema-dns.com.
> lanzarote-immobilie.net. NS dns6.sistema-dns.com.
> A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. NSEC3 1 1 0 - (
> A2003PRAPCHMS9L1A11GMVJ0JNP84A46 NS SOA RRSIG DNSKEY NSEC3PARAM)
That proofs, that they do not have "*.net DS" in their zone.
> 6MVJ05SNCJH2809G6OGGGH7J921VNJ7T.net. 86400 IN NSEC3 1 1 0 - (
> 6OP5R34VLOJ3Q2K4NMIIGA7N5KBV10K5 NS DS RRSIG
That proofs, that they dow not have "lanzarote-immobilie.net DS".
More information about the dns-operations