[dns-operations] slack.com bogus

vom513 vom513 at gmail.com
Thu Sep 30 18:31:32 UTC 2021


I see it as broken at home on my validating BIND instance (I get SERVFAIL).

Interesting (at least to me) - checking 8.8.8.8 and 1.1.1.1 I get A records back just fine.  However no ‘ad’ flag (using dig).  Other DNSSEC signed zones still give ad off quad-8/quad-1 though.

So perhaps a dumb question - could Google and Cloudflare be hitting some kind of “manual overrride” to not validate a given zone - i.e. human intervention / look the other way ?

Or is there a more technical explanation that I could be missing ?



More information about the dns-operations mailing list