[dns-operations] DNSSEC at ICANN: still no check?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Jan 20 16:29:26 UTC 2014


On Mon, Jan 20, 2014 at 04:24:53PM +0000,
 ? Roy Arends <roy at dnss.ec> wrote 
 a message of 121 lines which said:

> I don’t understand the problem. Do you expect nic.red to be
> dnssec-signed?

Not at all. I expect its non-signature to be validated, but it isn't.


% dig SOA nic.red

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> SOA nic.red
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54620
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;nic.red.		IN SOA

;; Query time: 712 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Jan 20 17:29:20 2014
;; MSG SIZE  rcvd: 36




More information about the dns-operations mailing list