[dns-operations] Lack of tlsa support

Shumon Huque shuque at gmail.com
Wed May 27 20:56:25 UTC 2015


On Wed, May 27, 2015 at 3:59 PM, Shumon Huque <shuque at gmail.com> wrote:

>
>>
>> Here's a transcript of my attempt to query all the NS addresses at
> accountant for TLSA records (from one location, a datacenter in New
> Jersey). Quick summary: no response/timeout from all the IPv4 addresses,
> correct NODATA answers from all the IPv6 addresses. Hmm (and no, the
> machine originating the queries has working IPv4 and can query other
> records successfully):
>

Actually, I was wondering why those answers are NODATA rather than NXDOMAIN
since presumably there aren't other record types at the name I queried. It
looks like this is because this zone is in the controlled interruption mode
(it has a wildcard at the apex for A, MX, etc).

Shumon Huque.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150527/b3f1f408/attachment.html>


More information about the dns-operations mailing list