[dns-operations] Missing NSEC3 RRs in negative replies from pdns13.domaincontrol.com
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Jan 2 05:38:51 UTC 2018
http://dnsviz.net/d/_25._tcp.everwisers.com/Wkr4gQ/dnssec/
@pdns13.domaincontrol.com.[216.69.185.56]
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21385
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;_25._tcp.everwisers.com. IN TLSA
everwisers.com. SOA pdns13.domaincontrol.com. dns.jomax.net. 2017123012 28800 7200 604800 600
@pdns14.domaincontrol.com.[208.109.255.56]
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26282
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
;_25._tcp.everwisers.com. IN TLSA
everwisers.com. SOA pdns13.domaincontrol.com. dns.jomax.net. 2017123012 28800 7200 604800 600
d5vh6psk3n3sa51qo4gmkp7qo5vl203n.everwisers.com. NSEC3 1 0 1 - G05NSV7OJJT2SNKK9V1F3A7DLPPM8G1H A NS SOA RRSIG DNSKEY NSEC3PARAM
n9r0a1a1ovio5gf16vbf2pop7m7tnmt1.everwisers.com. NSEC3 1 0 1 - D5VH6PSK3N3SA51QO4GMKP7QO5VL203N CNAME RRSIG
Similar recent observations also for pdns11.domaincontrol.com, with working
NSEC3 records on pdns12.domaincontrol.com, but I no longer have the samples
at hand.
--
Viktor.
More information about the dns-operations
mailing list