[dns-operations] Missing DoE NSEC RRs for .xn--ogbpf8fl from sy.cctld.authdns.ripe.net[]

Anand Buddhdev anandb at ripe.net
Tue Jul 24 13:53:51 UTC 2018

Hi Viktor,

The theory at the moment is that something is going wrong during IXFR
when the NSEC3PARAM record changes.

I have a bug report open with NLNetLabs, and they are investigating the


We forced a full AXFR of the zone on all the NSD servers in the
sy.cctld.authdns.ripe.net cluster, and they are all returning the
correct NSEC3 records for DoE now.

Anand Buddhdev

On 23/07/2018 17:10, Anand Buddhdev wrote:
> Hi Viktor,
> Thanks for bringing this to our attention. The sy.cctld.authdns.ripe.net
> server is in fact an anycast cluster of 10 servers, of which 4 run NSD.
> All 4 of these NSD servers are exhibiting this issue. Restarting NSD
> fixes it, but we'd like to keep running it for just a bit longer, to
> collect some diagnostics which will help the developers.

More information about the dns-operations mailing list