[dns-operations] DNSSEC Validation Errors with Wildcards

Bernhard Schmidt berni at birkenwald.de
Fri Oct 17 05:56:32 UTC 2014


> The correct answer is NXDOMAIN based on the NSEC record which says
> there is no records between _tcp.vdlc.nl and _autodiscover._tcp.vdlc.nl.
> i.e. there is no wildcard record at *._tcp.vdlc.nl.
> The problem is a wildcard processing server error.  It is generating
> the wrong response code.  It is failing to account for the existence
> of _tcp.vdlc.nl.

So ... a signing error, right?

Is there any software(-version) known to have this misbehaviour? I will
try to contact the operators of the broken zones.


More information about the dns-operations mailing list