[dns-operations] Missing DoE NSEC RRs for .xn--ogbpf8fl from sy.cctld.authdns.ripe.net[193.0.9.113]
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Jul 25 10:47:48 UTC 2018
On Jul 23, 2018, at 9:58 AM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> The response from sy.cctld.authdns.ripe.net[193.0.9.113] lacks
> the requisite NSEC records:
>
> http://dnsviz.net/d/foobar.xn--ogbpf8fl/W1XdaA/dnssec/
>
> @sy.cctld.authdns.ripe.net[193.0.9.113]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12153
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
> ;foobar.سورية. IN A
> سورية. SOA ns1.tld.sy. dns.tld.sy. 2018072326 1200 3600 2592000 3600
> سورية. RRSIG SOA 8 1 3600 20180806041820 20180723124315 36678 سورية.
Today I see that both ".xn--ogbpf8fl" and ".sy" have neither
DS RRs in the root zone nor DNSKEY RRs at the zone apex. Is
a temporary measure related to NSEC glitch, or a policy
change?
--
Viktor.
More information about the dns-operations
mailing list