[dns-operations] .GL (Greenland) 2LD DS denial of existence problems

Tue Jun 20 09:39:32 UTC 2023

On Mon, Jun 19, 2023 at 10:23:13PM -0400,
 Viktor Dukhovni <ietf-dane at dukhovni.org> wrote 
 a message of 66 lines which said:

> The .GL TLD returns bogus NXDOMAIN responses to DS queries for:

But it replies properly for NSEC3PARAM :-)

% dig +dnssec @d.nic.gl NSEC3PARAM com.gl

; <<>> DiG 9.18.12-1-Debian <<>> +dnssec @d.nic.gl NSEC3PARAM com.gl
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55173
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 734ffb7abf3db0bf51ad1f92649173941779bd5c41101e6d (good)
;; QUESTION SECTION:
;com.gl.				IN	NSEC3PARAM

;; ANSWER SECTION:
com.gl.			0	IN	NSEC3PARAM 1 0 10 788F7E66
com.gl.			0	IN	RRSIG	NSEC3PARAM 8 2 0 20230705140000 20230618140000 36840 com.gl. GhwPL1HdLpQFd0TYzqsa79AgDyAcZMOKK63LVPZK0TjrcT8ffaKo4ZYU 6a0Pv0yifl07xPNMmxSb4EHodk9TYoOG4BAX624zTs8fhfkdjzvhh64T WSieZsXvEQ5Z8yizzutL3Tp3kST2nYDCXnILpNSEiS/OIh28J7iQgJf1 JP65lKuoiPtYNVCqf4UjiGbPn3/ar9WijMB91tdqjBbOZIRvsFxSXfb6 VrQ8Fz82a8BA3h1QqeaH1KvyOz5wRHX4p7Qh3eYti7E1Zcp98lLDmOnx ZSo55voqtxCZxm/sxLWMdPCEZbyZEzU1Co6953V/jFvFZeYkZNWxhf1/ mbIclQ==

;; Query time: 0 msec
;; SERVER: 2001:500:14:6049:ad::1#53(d.nic.gl) (UDP)
;; WHEN: Tue Jun 20 11:38:28 CEST 2023
;; MSG SIZE  rcvd: 378