[dns-operations] Systemic DoE failure at worldnic.com nameservers
Viktor Dukhovni
ietf-dane at dukhovni.org
Sun Aug 7 23:06:16 UTC 2022
As seen at:
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/worldnic.com.html
over 400 "small" signed zones (zone apex only in the NSEC chain) return
incorrect "NODATA" RCODEs for "_25._tcp.<zone-apex>. TLSA ?". The
provided NSEC records instead prove "NXDOMAIN". This breaks email to
these domains from DANE-enabled MTAs.
If I'm not mistaken, "worldnic.com" is a NetworkSolutions brand, don't
know whether they have anyone on this list. WHOIS contact Cc'd.
--
Viktor.
P.S. Top 5 nameservers with DoE breakage:
609 registrar-servers.com
402 worldnic.com
248 mijndomein.nl
138 axc.nl
75 ebola.cz
More information about the dns-operations
mailing list