[dns-operations] validation problem on 1.1.1.1

Vicky Shrestha vicky at geeks.net.np
Fri Jan 31 19:03:35 UTC 2020 

Hi,

Thanks for reporting this issue. we are investigating.

On Thu, Jan 30, 2020 at 21:34 T.Suzuki <tss at reflection.co.jp> wrote:

> Why don't many of your 1.1.1.1 instances validate DNSSEC signatures?
> I noticed at 29 Jan 2020 21:05:31 -0000.
>
> ex.
> --- No AD Flag ---
>
> ~% drill -D www.ietf.org @1.1.1.1
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 37059
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; www.ietf.org.        IN      A
>
> ;; ANSWER SECTION:
> www.ietf.org.   1725    IN      CNAME   www.ietf.org.cdn.cloudflare.net.
> www.ietf.org.   1725    IN      RRSIG   CNAME 5 3 1800 20210127000323
> 20200127230611 40452 ietf.org.
> fX/FCVGya8pIk/2cMDWu3+iNKyWd0GLK4g6wtwp8v7rjp+nynpRm1jOanP20p36Dod4qj0IdoMGu3PN2756QZW7LzQ6nS+x7Re37Q52BP89ADXZ5J5tLlcaRl0MEyoj6/Cyv6cW+GH8sK0PwYmE11mVzezI3ZrADWvTCmgNxEpxHxoF0jlpJ0+JVt9gP2bbHWg0uF2yspTwspaoCSRcaO6KFKnkkQXI2PFhgk0w/Od4NXe86V64U1WtMGcqNyGOe0zcq4HPmiiW+lvZab6QuZJ8kq/A5HrDw66MzuRK5S2PJFjoF7lna9OIru9JXT+FcHmozUpI9lwLJIwI5IRt11g==
> www.ietf.org.cdn.cloudflare.net.        225     IN      A
>  104.20.0.85
> www.ietf.org.cdn.cloudflare.net.        225     IN      RRSIG   A 13 6
> 300 20200201051316 20200130031316 34505 cloudflare.net.
> 5ENTxqytYAMLW2cDtBiWLaEYDm9xMRplDZuoj/U084rAZoyjxwIrn3F+B2KfGldleYB5gbyvUPbPuv41lsoOUQ==
> www.ietf.org.cdn.cloudflare.net.        225     IN      A
>  104.20.1.85
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 196 msec
> ;; EDNS: version 0; flags: do ; udp: 1452
> ;; SERVER: 1.1.1.1
> ;; WHEN: Fri Jan 31 13:14:32 2020
> ;; MSG SIZE  rcvd: 536
>
> --- With AD Flag ---
>
> ~% drill -D www.ietf.org @1.1.1.1
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 23813
> ;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; www.ietf.org.        IN      A
>
> ;; ANSWER SECTION:
> www.ietf.org.   1578    IN      CNAME   www.ietf.org.cdn.cloudflare.net.
> www.ietf.org.   1578    IN      RRSIG   CNAME 5 3 1800 20210127000323
> 20200127230611 40452 ietf.org.
> fX/FCVGya8pIk/2cMDWu3+iNKyWd0GLK4g6wtwp8v7rjp+nynpRm1jOanP20p36Dod4qj0IdoMGu3PN2756QZW7LzQ6nS+x7Re37Q52BP89ADXZ5J5tLlcaRl0MEyoj6/Cyv6cW+GH8sK0PwYmE11mVzezI3ZrADWvTCmgNxEpxHxoF0jlpJ0+JVt9gP2bbHWg0uF2yspTwspaoCSRcaO6KFKnkkQXI2PFhgk0w/Od4NXe86V64U1WtMGcqNyGOe0zcq4HPmiiW+lvZab6QuZJ8kq/A5HrDw66MzuRK5S2PJFjoF7lna9OIru9JXT+FcHmozUpI9lwLJIwI5IRt11g==
> www.ietf.org.cdn.cloudflare.net.        300     IN      A
>  104.20.0.85
> www.ietf.org.cdn.cloudflare.net.        300     IN      A
>  104.20.1.85
> www.ietf.org.cdn.cloudflare.net.        300     IN      RRSIG   A 13 6
> 300 20200201051436 20200130031436 34505 cloudflare.net.
> cgg3sYERXPXlx4u1y5XKEFzaGHbJO/tiEqzpkC94JLyrlqAz4mG4ika+OeMaIIrnG80NDxuzA1XBXDyy9smldA==
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 39 msec
> ;; EDNS: version 0; flags: do ; udp: 1452
> ;; SERVER: 1.1.1.1
> ;; WHEN: Fri Jan 31 13:14:36 2020
> ;; MSG SIZE  rcvd: 555
>
> --
>
> ------------------------------------------------------------------------------
> T.Suzuki
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-- 
With Regards,

Vicky Shrestha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200131/339d63d1/attachment.html>

More information about the dns-operations mailing list