[dns-operations] Google (formerly also CF) public DNS sometimes forwards incomplete subset of NSEC RRs
evansr at google.com
Fri Jul 30 20:02:07 UTC 2021
On Wed, Jul 28, 2021 at 11:37 PM Viktor Dukhovni <ietf-dane at dukhovni.org>
> One zone with a CNAME loop and another with partly expired NSEC RRSIGs
> via a no longer published ZSK.
CNAME loops aren't valid, but aren't rejected by Cloud DNS.
The invalid RRSIG looks broken, and we'll investigate. Thanks for reporting.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations