[dns-operations] Algorithm but no signature in .in?

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Mar 27 05:44:53 UTC 2020

Some resolvers protest on .in. It seems they have a RSASHA256 key but
no RSASHA256 signatures, thus violating RFC 4035, section 2.2 "There
MUST be an RRSIG for each RRset using at least one DNSKEY of EACH

(Cannot show a nice DNSviz picture, DNSviz seems broken at this time.)

More information about the dns-operations mailing list