[dns-operations] dnssec-failed.org and dns.google
J Crowe
jcrowe215 at gmail.com
Thu Aug 15 15:28:15 UTC 2019
Agree, though with an NTA, the AD bit is not being set and this essentially
lying even more to the user/client. I am interested in knowing what type of
"feature" this is for an end user.
On Thu, Aug 15, 2019 at 10:54 AM Jan-Piet Mens <list at mens.de> wrote:
> >perhaps by using automated Negative Trust Anchors (NTAs) in certain
> >circumstances
>
> An NTA would have been bad enough for this explicitly broken domain,
> IMO.
>
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
> ADDITIONAL: 1
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Thu Aug 15 14:41:49 UTC 2019
>
> NOERROR/+AD are still being reported.
>
> -JP
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190815/a9da487c/attachment.html>
More information about the dns-operations
mailing list