[dns-operations] Missing NSEC3 RRs in negative replies from pdns13.domaincontrol.com
Brian L. King
bking at godaddy.com
Tue Jan 2 18:47:56 UTC 2018
Thank you for bringing this to our attention, Viktor!
This was a localized database issue, now resolved.
On Tue, 2018-01-02 at 00:38 -0500, Viktor Dukhovni wrote:
> http://dnsviz.net/d/_25._tcp.everwisers.com/Wkr4gQ/dnssec/
>
> @pdns13.domaincontrol.com.[216.69.185.56]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21385
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
> ;_25._tcp.everwisers.com. IN TLSA
> everwisers.com. SOA pdns13.domaincontrol.com.
> dns.jomax.net. 2017123012 28800 7200 604800 600
>
> @pdns14.domaincontrol.com.[208.109.255.56]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26282
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
> ;_25._tcp.everwisers.com. IN TLSA
> everwisers.com. SOA pdns13.domaincontrol.com.
> dns.jomax.net. 2017123012 28800 7200 604800 600
> d5vh6psk3n3sa51qo4gmkp7qo5vl203n.everwisers.com. NSEC3 1 0 1 -
> G05NSV7OJJT2SNKK9V1F3A7DLPPM8G1H A NS SOA RRSIG DNSKEY NSEC3PARAM
> n9r0a1a1ovio5gf16vbf2pop7m7tnmt1.everwisers.com. NSEC3 1 0 1 -
> D5VH6PSK3N3SA51QO4GMKP7QO5VL203N CNAME RRSIG
>
> Similar recent observations also for pdns11.domaincontrol.com, with
> working
> NSEC3 records on pdns12.domaincontrol.com, but I no longer have the
> samples
> at hand.
>
>
--
Brian L. King (blk at godaddy.com)Senior Linux/DNS Systems Administrator
Managed/Corporate DNS, Go Daddy
:wq!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20180102/ce24a484/attachment.html>
More information about the dns-operations
mailing list