[dns-operations] Akamai now works with ENT (Empty Non-Terminals)?
Peter van Dijk
peter.van.dijk at powerdns.com
Wed Apr 17 15:41:07 UTC 2019
On 17 Apr 2019, at 16:00, Alexander Dupuy wrote:
> On a more practical note, in a previous case where an authority was
> returning "bald-faced lies" (proving the nonexistence of anything but the
> zone apex in a non-empty zone, in contrast to the minimal white and black
> lies) we had to disable aggressive NSEC cache synthesis as it was causing
> spurious negative answers. The domain was later identified as using
> PowerDNS, and the solution was for them to run pdnsutil rectify-zone to
> rebuild the NSEC chain (
> https://community.cloudflare.com/t/leg-br-domains-failing-to-query-1-1-1-1/18379/2).
> It is possible that this is all that epik.com needs to do to fix this issue.
Yes, this seems likely - the ‘bald-faced lies’ are one smoking gun, and the RRSIG timestamps (Thursday midnight, a few weeks apart) are another dead giveaway for PowerDNS.
epik.com. 300 IN RRSIG A 13 2 300 20190425000000 20190404000000 5305 epik.com. cZGaZvBRn/8ggkCMTTWMyQHIhkFytmKHwa4U0pBCsI1tUVIqgtkENsWF I2rJATLN2Du+989q0sDJGpVseZPKsw==
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 914 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190417/a35d09c4/attachment.sig>
More information about the dns-operations
mailing list