[dns-operations] Quad9 denial of existence for _25._tcp.mx1.p01.antagonist.nl IN TLSA

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Nov 26 16:04:33 UTC 2019


On Tue, Nov 26, 2019 at 10:09:38AM -0500, Viktor Dukhovni wrote:

> Yes, I still see the DoE response from 9.9.9.10, and also (not always) from
> its peer 149.112.112.10:

Though I've never succeeded in eliciting an NXDOMAIN for this qname from the
authoritative servers, I just observed a DoE also from Cloudflare, from both
1.0.0.1 and 1.1.1.1:

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11156
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags: do; udp: 1452
    ;; AUTHORITY SECTION:
    antagonist.nl.          180     IN      SOA     ns1.antagonist.nl. hostmaster.antagonist.nl. 2018052300 180 3600 1209600 86400
    antagonist.nl.          180     IN      RRSIG   SOA 13 2 180 20191205000000 20191114000000 47684 antagonist.nl. TjahhD+sFLbHkIAUcUFFo+vC4icQKK2Zh+74BN+eFQ9JhkZaQ6AMYNbT wGfDZuNntzd2C3FS4SiIptAr6fOkvA==
    cueh7hkbnbrqk65590909p4r0pq6cd45.antagonist.nl. 86400 IN NSEC3 1 0 1 AB D04COHDERT50P43FHSP1N5F7LDVTORH7 A AAAA RRSIG
    cueh7hkbnbrqk65590909p4r0pq6cd45.antagonist.nl. 86400 IN RRSIG NSEC3 13 3 86400 20191205000000 20191114000000 47684 antagonist.nl. 5KPt3wExlfKg4tZJ1fdR1xhnj8x8DsmgYR2+pCHkcc041thw3E6jQCfY CESVytcQcp6Zb/uJ3zxNXExJkEzZoQ==
    i33uq5toep0fslekf0mqpnv6pb6s002e.antagonist.nl. 86400 IN NSEC3 1 0 1 AB IDTV8EDH9FRO5UU2OC4N3PUM51SRLDGH A RRSIG
    i33uq5toep0fslekf0mqpnv6pb6s002e.antagonist.nl. 86400 IN RRSIG NSEC3 13 3 86400 20191205000000 20191114000000 47684 antagonist.nl. Wrzps6dY9zhq14kBiFp0KwDqdkMtceOMV2cMKPkznhxFcsmpsTazZX1Z MAw/565cRwpWRoU5LuGNzGHg3ZstUQ==
    g7u4gpdfmf579evnnqmc3v816rafktip.antagonist.nl. 86400 IN NSEC3 1 0 1 AB GFL0IAO83UJDAA6IHCTHFGL6T4KNILQO A RRSIG
    g7u4gpdfmf579evnnqmc3v816rafktip.antagonist.nl. 86400 IN RRSIG NSEC3 13 3 86400 20191205000000 20191114000000 47684 antagonist.nl. DBJvz7HbYSFS/PHtTXD2qMwsKuWXoqNj8MPNMIk84Jv4kY1w52EevWIS nIgDknp9DbzYcczQzOOu1cyEYulYPg==

Once again, oddly the TTLs don't change when I ask again, but I may not be hitting
the same cache.

Never yet from Google or Verisign, but perhaps the issue is upstream, and Quad9 has
just been less lucky than the others recently.

-- 
    Viktor.
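
An added example, not part of the original post: one way to check which names the three NSEC3 records in the quoted response actually match or cover, using the RFC 5155 hash with the parameters shown there (algorithm 1, 1 iteration, salt AB). The function names are hypothetical; the owner and next-hash values are copied from the response above.

```python
import base64
import hashlib

# base32 (RFC 4648 sec. 6) to base32hex (sec. 7); base32hex sorts like the raw hash
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash (algorithm 1, SHA-1) of a domain name, as a base32hex label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):  # "iterations" counts the additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()

def classify(name, salt_hex, iterations, chain):
    """'match' if an NSEC3 owner equals H(name), 'covered' if H(name) lies
    strictly between an owner and its next hash, otherwise 'unproven'."""
    h = nsec3_hash(name, salt_hex, iterations)
    for owner, nxt in ((o.lower(), n.lower()) for o, n in chain):
        if h == owner:
            return "match"
        wraps = owner >= nxt  # the last record in the chain wraps around
        if (owner < h < nxt) or (wraps and (h > owner or h < nxt)):
            return "covered"
    return "unproven"

def denial_report(qname, zone, salt_hex, iterations, chain):
    """Classify qname, each ancestor up to the apex, and the wildcard at each ancestor."""
    labels = qname.rstrip(".").split(".")
    depth = len(zone.rstrip(".").split("."))
    report = {}
    for i in range(len(labels) - depth + 1):
        name = ".".join(labels[i:])
        report[name] = classify(name, salt_hex, iterations, chain)
        if i:  # wildcards only make sense below an ancestor of qname
            report["*." + name] = classify("*." + name, salt_hex, iterations, chain)
    return report

# NSEC3 parameters and (owner, next) pairs copied from the response quoted above
SALT, ITERATIONS, ZONE = "AB", 1, "antagonist.nl"
QNAME = "_25._tcp.mx1.p01.antagonist.nl"
CHAIN = [("cueh7hkbnbrqk65590909p4r0pq6cd45", "D04COHDERT50P43FHSP1N5F7LDVTORH7"),
         ("i33uq5toep0fslekf0mqpnv6pb6s002e", "IDTV8EDH9FRO5UU2OC4N3PUM51SRLDGH"),
         ("g7u4gpdfmf579evnnqmc3v816rafktip", "GFL0IAO83UJDAA6IHCTHFGL6T4KNILQO")]

if __name__ == "__main__":
    for name, status in denial_report(QNAME, ZONE, SALT, ITERATIONS, CHAIN).items():
        print(f"{status:9} {name}")
```

A valid name-error proof has one ancestor that is a "match" (the closest encloser), with the name one label longer "covered" and the wildcard directly under the closest encloser "covered" as well; seeing which ancestor the records treat as closest encloser shows which names the response asserts do not exist.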
