[dns-operations] Missing algorithm 8 signatures in .museum zone

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Nov 16 06:20:30 UTC 2017 

The .museum zone has algorithm 8 and 10 DS and DNSKEY RRs, but
some records are signed with just algorithm 10:

http://dnsviz.net/d/ww2.dsm.museum/Wg0sRQ/dnssec/

@d.nic.fr.[194.0.9.1]
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38522
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;dsm.museum.            IN DS
museum.                 SOA     a.nic.fr. ...
museum.                 RRSIG   SOA 10 1 ...
7fe0d5i1il7eoprub8q9t7cn5jghdm73.museum. NSEC3 1 1 1 B66887C4 ...
7fe0d5i1il7eoprub8q9t7cn5jghdm73.museum. RRSIG NSEC3 10 2 ...

@f.ext.nic.fr.[194.146.106.46]
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60958
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;dsm.museum.            IN DS
7FE0D5I1IL7EOPRUB8Q9T7CN5JGHDM73.museum. NSEC3 1 1 1 B66887C4 
7FE0D5I1IL7EOPRUB8Q9T7CN5JGHDM73.museum. RRSIG NSEC3 10 2 ...
museum.                 SOA     a.nic.fr. ...
museum.                 RRSIG   SOA 10 1 ...

@g.ext.nic.fr.[194.0.36.1]
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56321
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;dsm.museum.            IN DS
7FE0D5I1IL7EOPRUB8Q9T7CN5JGHDM73.museum. NSEC3 1 1 1 B66887C4 ...
7FE0D5I1IL7EOPRUB8Q9T7CN5JGHDM73.museum. RRSIG NSEC3 10 2 ...
museum.                 SOA     a.nic.fr. ...
museum.                 RRSIG   SOA 10 1 ...

-- 
	Viktor.

More information about the dns-operations mailing list