[dns-operations] IPv4 DNSSEC issues at nic.in

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jun 15 14:51:23 UTC 2018


Please see:

   http://dnsviz.net/d/_25._tcp.mailgw.nic.in/WyPQCQ/dnssec/

This affects email delivery from DANE-validating senders to
~200 or more receiving domains including nic.in.

The IPv4 nameservers drop TLSA lookups, while queries to the
sole IPv6 nameserver get through.  Previously this has only
been seen with misconfigured Arbor Networks firewalls that
have a feature to allow only queries with selected RRtypes.

DNSViz also reports issues with DNS over TCP, a potential
IPv6 path MTU issue, ...

-- 
	Viktor.




More information about the dns-operations mailing list