[dns-operations] Delegation of amazonses.com
Yasuhiro Orange Morishita / 森下泰宏
yasuhiro at jprs.co.jp
Wed Jan 8 09:55:51 UTC 2025
Hi,
> We have CNAMEs pointing to dkim.amazonses.com So I inspected the
> domain and notices a DNSVIS warning:
> https://dnsviz.net/d/dkim.amazonses.com/Z343qg/dnssec/
DNSViz says this:
Warnings (1)
com to amazonses.com: Authoritative AAAA records exist for
ns-265.awsdns-33.com, but there are no corresponding AAAA glue
records. See RFC 1034, Sec. 4.2.2.
ns-265.awsdns-33.com have both an IPv4 and an IPv6 address,
but the IPv6 address seems to be not registered to Verisign[*1].
Therefore, the IPv6 address for glue record(s) of the host is not set
to the com zone.
Certainly, admin(s) of awsdns-33.com need to add an IPv6 address in
the host information.
But, I think that is not a cause of the DMARC failures.
Regards,
-- Yasuhiro Orange Morishita
[*1] According to Internic WHOIS (see below), it appears an IPv4 address only.
ns-265.awsdns-33.com
Server Name: NS-265.AWSDNS-33.COM
IP Address: 205.251.193.9
Registrar: MarkMonitor Inc.
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
>>> Last update of whois database: 2025-01-08T09:41:57Z <<<
From: "A. Schulze" <sca at andreasschulze.de>
Subject: Delegation of amazonses.com
Date: Wed, 08 Jan 2025 10:11:17 +0100
>
> Hello,
>
> We're looking for reasons result in DMARC validation failures.
> One assumption are random failures while fetching DKIM public keys
> from dns.
>
> We have CNAMEs pointing to dkim.amazonses.com So I inspected the
> domain and notices a DNSVIS warning:
> https://dnsviz.net/d/dkim.amazonses.com/Z343qg/dnssec/
>
> As this is not a new issue, I don't think, it's the reason for our
> primary issue but shouldn't that be fixed anyway?
>
> Andreas
>
More information about the dns-operations
mailing list