[dns-operations] DNSSEC at ICANN: still no check?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Jan 20 16:29:26 UTC 2014
On Mon, Jan 20, 2014 at 04:24:53PM +0000,
? Roy Arends <roy at dnss.ec> wrote
a message of 121 lines which said:
> I don’t understand the problem. Do you expect nic.red to be
> dnssec-signed?
Not at all. I expect its non-signature to be validated, but it isn't.
% dig SOA nic.red
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> SOA nic.red
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54620
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;nic.red. IN SOA
;; Query time: 712 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Jan 20 17:29:20 2014
;; MSG SIZE rcvd: 36
More information about the dns-operations
mailing list