[dns-operations] Trouble looking up various axc.nl TLSA RRs via Cloudflare DNS
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Oct 3 17:55:04 UTC 2019
On Thu, Oct 03, 2019 at 10:32:35AM -0700, Marek Vavruša wrote:
> Hi Viktor,
>
> > Can anyone from Cloudflare offer an explanation? Is this is a
> > feature or a bug? Anyone else seeing different results?
>
> This was a NTA added for
> https://github.com/dns-violations/dns-violations/blob/f93c7477098da82ab39626a0ed8de07970bb0570/2017/DVE-2017-0009.md
> It seems like this was fixed. I've removed the NTA, so it should be
> validating again.
Thanks! It makes sense now. [ I only saw your reply after posing
my follow-up. ]
In a perverse twist of fate, it sure looks like that 2017 DVE was
my contribution.
The repository has not been updated in over a year, it looks like
the project has run out of steam...
Probably NTAs based on such data should have a much shorter shelf-life
than two years, and require some explicit re-confirmation.
--
Viktor.
More information about the dns-operations
mailing list