[dns-operations] .SX TLD issue (was: TLDmon QTYPE warning)
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Dec 8 21:20:48 UTC 2016
On Thu, Dec 08, 2016 at 11:25:35AM +0100, Marco Davids (SIDN) wrote:
> I am trying to understand why our Knot-instance results in a QTYPE
> warning on:
>
> https://tldmon.dns-oarc.net/nagios/cgi-bin/status.cgi?host=nl
Speaking of TLD-layer breakage, does anyone know the operators of
the "sx" TLD? The "b.ns.sx" server is (still) returning bogus denial
of existence. Typically, this is a result of lack of NSEC3 support,
@a.ns.sx.[89.207.184.65]
; <<>> DiG 9.10.4-P2 <<>> +dnssec +noall +cmd +comment +qu +ans +auth +nocl +nottl +nosplit +norecur -t a foobarbaz.sx @89.207.184.65
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32023
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
;foobarbaz.sx. IN A
sx. SOA a.ns.sx. sx.openregistry.com. 16388 14400 3600 604800 86400
sx. RRSIG SOA 7 1 86400 20170606194004 20161208194004 39185 sx.
N32PJU8P60HH9B9KC79Q869VNAC9NFHS.sx. NSEC3 1 0 10 4321 N3Q833IAF3FHN1BP8QOD6CC68EPQCUH4 NS SOA RRSIG DNSKEY NSEC3PARAM
N32PJU8P60HH9B9KC79Q869VNAC9NFHS.sx. RRSIG NSEC3 7 2 86400 20170606194004 20161208194004 39185 sx. ...
DC3S5N9PJ24I1BL9G32VUH87K0NO496V.sx. NSEC3 1 0 10 4321 DCJUVKOOQ30A4MQ3HMACCNU8F9J3H6UK NS
DC3S5N9PJ24I1BL9G32VUH87K0NO496V.sx. RRSIG NSEC3 7 2 86400 20170606194004 20161208194004 39185 sx. ...
RJ6N95LAQKR3B6CLHSPP1Q9PSA5CH7T5.sx. NSEC3 1 0 10 4321 RJHSF98P8P2SERO9ULBGF7GPKH0LJSHL NS
RJ6N95LAQKR3B6CLHSPP1Q9PSA5CH7T5.sx. RRSIG NSEC3 7 2 86400 20170606194004 20161208194004 39185 sx. ...
@b.ns.sx.[80.92.90.160]
; <<>> DiG 9.10.4-P2 <<>> +dnssec +noall +cmd +comment +qu +ans +auth +nocl +nottl +nosplit +norecur -t a foobarbaz.sx @80.92.90.160
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21442
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;foobarbaz.sx. IN A
sx. SOA a.ns.sx. sx.openregistry.com. 16388 14400 3600 604800 86400
sx. RRSIG SOA 7 1 86400 20170606194004 20161208194004 39185 sx.
@c.ns.sx.[192.95.19.109]
; <<>> DiG 9.10.4-P2 <<>> +dnssec +noall +cmd +comment +qu +ans +auth +nocl +nottl +nosplit +norecur -t a foobarbaz.sx @192.95.19.109
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24118
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
;foobarbaz.sx. IN A
sx. SOA a.ns.sx. sx.openregistry.com. 16388 14400 3600 604800 86400
sx. RRSIG SOA 7 1 86400 20170606194004 20161208194004 39185 sx.
N32PJU8P60HH9B9KC79Q869VNAC9NFHS.sx. NSEC3 1 0 10 4321 N3Q833IAF3FHN1BP8QOD6CC68EPQCUH4 NS SOA RRSIG DNSKEY NSEC3PARAM
N32PJU8P60HH9B9KC79Q869VNAC9NFHS.sx. RRSIG NSEC3 7 2 86400 20170606194004 20161208194004 39185 sx. ...
DC3S5N9PJ24I1BL9G32VUH87K0NO496V.sx. NSEC3 1 0 10 4321 DCJUVKOOQ30A4MQ3HMACCNU8F9J3H6UK NS
DC3S5N9PJ24I1BL9G32VUH87K0NO496V.sx. RRSIG NSEC3 7 2 86400 20170606194004 20161208194004 39185 sx. ...
RJ6N95LAQKR3B6CLHSPP1Q9PSA5CH7T5.sx. NSEC3 1 0 10 4321 RJHSF98P8P2SERO9ULBGF7GPKH0LJSHL NS
RJ6N95LAQKR3B6CLHSPP1Q9PSA5CH7T5.sx. RRSIG NSEC3 7 2 86400 20170606194004 20161208194004 39185 sx. ...
The original problem report from Oct 16th 2016:
https://lists.dns-oarc.net/pipermail/dns-operations/2016-October/015541.html
--
Viktor.
More information about the dns-operations
mailing list