[dns-operations] coop. provides broken NSEC3 proofs of non-existence

Alarig Le Lay alarig at swordarmor.fr
Mon Oct 23 13:15:05 UTC 2017


Hi,

On lun. 23 oct. 11:08:56 2017, Vladimír Čunát wrote:
> I believe the answers provided over IPv4 are valid but those over IPv6
> are not.  I might be wrong, but I'm fairly confident about it now. 
> Details of my reasoning:
> https://gitlab.labs.nic.cz/knot/knot-resolver/issues/261#note_58800

It seems that you’re right, I tested ouvaton.coop from three locations,
and at each time I can’t resolve ns{1,2,3}.ouvaton.coop over IPv6, but
can over IPv4.

https://paste.swordarmor.fr/raw/tyaP

-- 
alarig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20171023/0ffdad9b/attachment.sig>


More information about the dns-operations mailing list