[dns-operations] coop. provides broken NSEC3 proofs of non-existence
Petr Špaček
petr.spacek at nic.cz
Sun Oct 22 11:22:25 UTC 2017
Hello,
for those who are debugging weird failures in DNSSEC validation, please
note that NS for coop. TLD provide broken proofs of non-existence. This
sometimes lead to cascade failure e.g. for domain existrans.org. which
has NS pointing to ns1.ouvaton.coop.
Example:
http://dnsviz.net/d/ns1.ouvaton.coop/Wex90A/dnssec/
If there is anyone from coop., feel free to get in touch with me.
--
Petr Špaček @ CZ.NIC
More information about the dns-operations
mailing list