[dns-operations] isphuset.no/fsdata.se DNSSEC breakage

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Sep 5 18:50:25 UTC 2016

> On Sep 5, 2016, at 1:09 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> So, to be clear,
> On Mon, Sep 05, 2016 at 12:32:04PM +1000, Mark Andrews wrote:
>> After another week or so request that .NO remove the delegations,
>> if it is still not fixed.
> […]
>> There has to be a penalty for continuing to use nameservers that
>> cause operational problems.
> your recommendation for fixing the thing that causes some operational
> problems is to make sure that the domain is broken for every possible
> operational case.  Right?

One way or another, perhaps with the aid of a not too subtle threat,
or just "public shaming", the issue seems to be getting some new
attention.  I for one was not about to immediately launch the
missiles, without giving the various parties another chance to
resolve the issue in a reasonably timely manner.

In my original post I said:

> The 391 (that I've been able to find) problem domains are below my
> signature.  The provider (swebby.se) with the next largest block
> of problem domans has only ~35 domains to remediate.

Interestingly enough, the swebby.se issue had been fixed quite
recently (perhaps just before my post), so that now the next
largest batch of problem domains are with:

  33 infracom.nl
  29 axc.nl

The infracom nameservers seem to have quite some trouble with
wildcard CNAMEs, e.g.:


but also some more exotic problems:


While axc.nl has been a black hole for problem reports for over
a year and seems to be returning NODATA along with NXDOMAIN proofs:



More information about the dns-operations mailing list