[dns-operations] DNSSEC queries to Amazon EC2 without signatures
Petr Menšík
pemensik at redhat.com
Tue Jun 7 16:00:21 UTC 2022
Is anyone from Amazon EC2 DNS team present?
We have Testing Farm for Fedora project on AWS instances. Because our
internal network restricts outgoing DNS packets, we always rely on
resolvers provided by the network. However, our unbound test containing
DNSSEC validation fails. The server does not answer to dnssec enabled
query with signatures, which are required for working resolution.
Another issue is bad handling of empty non-terminals. Name dig soa
us-east-2.compute.internal answers without error, but dig soa
compute.internal ends with NXDOMAIN status. Because Amazon is member of
DNS-OARC, do you know, when such reports should be directed?
Thanks!
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
More information about the dns-operations
mailing list