[dns-operations] Missing NSEC3 RRs in negative replies from pdns13.domaincontrol.com

Brian L. King bking at godaddy.com
Tue Jan 2 18:47:56 UTC 2018


Thank you for bringing this to our attention, Viktor!
This was a localized database issue, now resolved.

On Tue, 2018-01-02 at 00:38 -0500, Viktor Dukhovni wrote:
> http://dnsviz.net/d/_25._tcp.everwisers.com/Wkr4gQ/dnssec/
> 
> @pdns13.domaincontrol.com.[216.69.185.56]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21385
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
> ;_25._tcp.everwisers.com. IN TLSA
> everwisers.com.         SOA     pdns13.domaincontrol.com.
> dns.jomax.net. 2017123012 28800 7200 604800 600
> 
> @pdns14.domaincontrol.com.[208.109.255.56]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26282
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
> ;_25._tcp.everwisers.com. IN TLSA
> everwisers.com.         SOA     pdns13.domaincontrol.com.
> dns.jomax.net. 2017123012 28800 7200 604800 600
> d5vh6psk3n3sa51qo4gmkp7qo5vl203n.everwisers.com. NSEC3 1 0 1 -
> G05NSV7OJJT2SNKK9V1F3A7DLPPM8G1H  A NS SOA RRSIG DNSKEY NSEC3PARAM
> n9r0a1a1ovio5gf16vbf2pop7m7tnmt1.everwisers.com. NSEC3 1 0 1 -
> D5VH6PSK3N3SA51QO4GMKP7QO5VL203N  CNAME RRSIG
> 
> Similar recent observations also for pdns11.domaincontrol.com, with
> working
> NSEC3 records on pdns12.domaincontrol.com, but I no longer have the
> samples
> at hand.
> 
> 
-- 
Brian L. King (blk at godaddy.com)Senior Linux/DNS Systems Administrator
Managed/Corporate DNS, Go Daddy
:wq!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180102/ce24a484/attachment.html>


More information about the dns-operations mailing list