[dns-operations] Trouble looking up various axc.nl TLSA RRs via Cloudflare DNS

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Oct 3 17:55:04 UTC 2019


On Thu, Oct 03, 2019 at 10:32:35AM -0700, Marek Vavruša wrote:

> Hi Viktor,
>
> > Can anyone from Cloudflare offer an explanation?  Is this is a
> > feature or a bug?  Anyone else seeing different results?
> 
> This was a NTA added for
> https://github.com/dns-violations/dns-violations/blob/f93c7477098da82ab39626a0ed8de07970bb0570/2017/DVE-2017-0009.md
> It seems like this was fixed. I've removed the NTA, so it should be
> validating again.

Thanks!  It makes sense now.  [ I only saw your reply after posing
my follow-up. ]

In a perverse twist of fate, it sure looks like that 2017 DVE was
my contribution.

The repository has not been updated in over a year, it looks like
the project has run out of steam...

Probably NTAs based on such data should have a much shorter shelf-life
than two years, and require some explicit re-confirmation.

-- 
	Viktor.


More information about the dns-operations mailing list