[dns-operations] coop. provides broken NSEC3 proofs of non-existence

Petr Špaček petr.spacek at nic.cz
Sun Oct 22 11:22:25 UTC 2017


Hello,

for those who are debugging weird failures in DNSSEC validation, please
note that NS for coop. TLD provide broken proofs of non-existence. This
sometimes lead to cascade failure e.g. for domain existrans.org. which
has NS pointing to ns1.ouvaton.coop.

Example:
http://dnsviz.net/d/ns1.ouvaton.coop/Wex90A/dnssec/

If there is anyone from coop., feel free to get in touch with me.

-- 
Petr Špaček  @  CZ.NIC



More information about the dns-operations mailing list