[dns-operations] Google (formerly also CF) public DNS sometimes forwards incomplete subset of NSEC RRs
Robert Evans
evansr at google.com
Fri Jul 30 20:02:07 UTC 2021
On Wed, Jul 28, 2021 at 11:37 PM Viktor Dukhovni <ietf-dane at dukhovni.org>
wrote:
> One zone with a CNAME loop and another with partly expired NSEC RRSIGs
> via a no longer published ZSK.
>
CNAME loops aren't valid, but aren't rejected by Cloud DNS.
The invalid RRSIG looks broken, and we'll investigate. Thanks for reporting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210730/c696f693/attachment.html>
More information about the dns-operations
mailing list