[dns-operations] Google (formerly also CF) public DNS sometimes forwards incomplete subset of NSEC RRs

Robert Evans evansr at google.com
Fri Jul 30 20:02:07 UTC 2021

On Wed, Jul 28, 2021 at 11:37 PM Viktor Dukhovni <ietf-dane at dukhovni.org>

> One zone with a CNAME loop and another with partly expired NSEC RRSIGs
> via a no longer published ZSK.

CNAME loops aren't valid, but aren't rejected by Cloud DNS.

The invalid RRSIG looks broken, and we'll investigate. Thanks for reporting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210730/c696f693/attachment.html>

More information about the dns-operations mailing list