[dns-operations] Systemic DoE failure at worldnic.com nameservers

Viktor Dukhovni ietf-dane at dukhovni.org
Sun Aug 7 23:06:16 UTC 2022


As seen at:

    https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/worldnic.com.html

over 400 "small" signed zones (zone apex only in the NSEC chain) return
incorrect "NODATA" RCODEs for "_25._tcp.<zone-apex>. TLSA ?".  The
provided NSEC records instead prove "NXDOMAIN".  This breaks email to
these domains from DANE-enabled MTAs.

If I'm not mistaken, "worldnic.com" is a NetworkSolutions brand, don't
know whether they have anyone on this list.  WHOIS contact Cc'd.

-- 
    Viktor.

P.S.  Top 5 nameservers with DoE breakage:

    609 registrar-servers.com
    402 worldnic.com
    248 mijndomein.nl
    138 axc.nl
     75 ebola.cz
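
Added example (not part of the original post): a Python check that compares a response's RCODE with what its NSEC records prove about the query name, which is the mismatch reported above. The zone name example.com and the NSEC records are constructed; RRSIG validation and wildcard denial are assumed to be handled elsewhere.

```python
# Added example, not from the original post. "example.com" and all records
# below are constructed placeholders. Labels with escaped dots are not handled.

def canon(name):
    """RFC 4034 section 6.1 sort key: lowercased labels, rightmost label first."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return [l.encode() for l in reversed(labels)]

def covers(owner, nxt, qname):
    """True if the NSEC (owner -> nxt) spans the gap that contains qname."""
    o, n, q = canon(owner), canon(nxt), canon(qname)
    if o < n:
        return o < q < n
    # Last NSEC in the chain points back to the apex; in an apex-only zone
    # owner == nxt, so this single record covers every other name.
    return q > o or q < n

def is_subdomain(name, parent):
    n, p = canon(name), canon(parent)
    return len(n) > len(p) and n[:len(p)] == p

def nsec_proves(qname, qtype, nsecs):
    """nsecs: list of (owner, next_name, type_set). Returns the denial proven."""
    for owner, nxt, types in nsecs:
        if canon(owner) == canon(qname):          # name exists, check the bitmap
            return "NODATA" if qtype not in types else "EXISTS"
    for owner, nxt, types in nsecs:
        if covers(owner, nxt, qname):
            # A next name below qname makes qname an empty non-terminal.
            return "NODATA" if is_subdomain(nxt, qname) else "NXDOMAIN"
    return "UNPROVEN"

def check_response(rcode, qname, qtype, nsecs):
    """Return (what the NSECs prove, whether that matches the RCODE)."""
    proven = nsec_proves(qname, qtype, nsecs)
    expected = {"NOERROR": "NODATA", "NXDOMAIN": "NXDOMAIN"}.get(rcode)
    return proven, proven == expected

# Constructed "small" signed zone: only the apex is in the NSEC chain.
APEX_ONLY = [("example.com.", "example.com.",
              {"NS", "SOA", "RRSIG", "NSEC", "DNSKEY"})]

if __name__ == "__main__":
    # NOERROR with no answer (NODATA) for the TLSA query, as in the report.
    print(check_response("NOERROR", "_25._tcp.example.com.", "TLSA", APEX_ONLY))
    # The consistent reply for the same NSEC set.
    print(check_response("NXDOMAIN", "_25._tcp.example.com.", "TLSA", APEX_ONLY))
```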

