[outages] DNSSEC issues .se

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Feb 4 11:46:53 EST 2022


On Fri, Feb 04, 2022 at 04:25:57PM +0000,
 Jonathan Sélea via Outages <outages at outages.org> wrote 
 a message of 768 lines which said:

> Anyone else seeing DNSSEC issues on unsigned .se domains?

Indeed https://dnsviz.net/d/sportbladet.se/Yf1XbQ/dnssec/ 

> Apparently, if an unsigned domain is followed by a signed domain in the
> .se zone - the domain won't resolve due to NSEC errors.

Indeed, the NSEC signature is strange:

% dig @a.ns.se. +cd +dnssec A Sportbladet.se

; <<>> DiG 9.16.1-Ubuntu <<>> @a.ns.se. +cd +dnssec A Sportbladet.se
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24863
;; flags: qr rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 4e597800e9df28eb0100000061fd57eba6944eceaffbe5ee (good)
;; QUESTION SECTION:
;Sportbladet.se.		IN A

;; AUTHORITY SECTION:
sportbladet.se.		86400 IN NS dns04.ports.net.
sportbladet.se.		86400 IN NS dns01.dipcon.com.
sportbladet.se.		86400 IN NS dns02.ports.se.
sportbladet.se.		86400 IN NS dns03.ports.se.
sportbladet.se.		7200 IN	NSEC sportbladet-tv.se. NS RRSIG NSEC
sportbladet.se.		7200 IN	RRSIG NSEC 8 2 7200 (
				20220217023427 20220204111055 30015 se.
				AAH/////////////////////////////////////////
				////////////////////////////////////////////
				////////////////////////////////////////////
				////////////////////////////////////////////
				////////////////////////////////////////////
				////////////////////////////////////////////
				////////ADAxMA0GCWCGSAFlAwQCAQUABCDDlM45/p82
				gs9EuWI0BODTVEgrkVM5ZrtG98oLVgefGQ== )

;; ADDITIONAL SECTION:
dns03.ports.se.		86400 IN AAAA 2a04:3540:1000:310:287e:f6ff:fe1d:4789
dns02.ports.se.		86400 IN AAAA 2001:19f0:5001:2a:5400:ff:fe38:1e6f
dns03.ports.se.		86400 IN A 94.237.33.102
dns02.ports.se.		86400 IN A 45.63.42.179

;; Query time: 35 msec
;; SERVER: 2a01:3f0:0:301::53#53(2a01:3f0:0:301::53)
;; WHEN: ven. févr. 04 17:44:27 CET 2022
;; MSG SIZE  rcvd: 607
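
Added example, not part of the original message: decoding the RRSIG signature field from the dig output above shows why it looks strange. The bytes are a bare PKCS#1 v1.5 encoded block (00 01, 0xFF padding, 00, SHA-256 DigestInfo, digest), which is the input to the RSA operation rather than its output; the function names and the SHA-1 and SHA-512 prefixes are additions that go beyond the algorithm 8 case shown here.

```python
import base64
import hashlib

# RRSIG signature field copied from the dig output above, whitespace removed.
# The run of 269 '/' characters is written as a repeat to keep the line short.
SIG_B64 = ("AAH" + "/" * 269 +
           "ADAxMA0GCWCGSAFlAwQCAQUABCDDlM45/p82"
           "gs9EuWI0BODTVEgrkVM5ZrtG98oLVgefGQ==")

# DER DigestInfo prefixes from RFC 8017, section 9.2, for the hashes used by
# the RSA DNSSEC algorithms (5/7 = SHA-1, 8 = SHA-256, 10 = SHA-512).
DIGESTINFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def find_unsigned_pkcs1(sig: bytes):
    """Return details if sig is a bare EMSA-PKCS1-v1_5 block (00 01 FF.. 00
    DigestInfo digest), i.e. the padded hash without the RSA private-key
    operation applied; return None for anything else."""
    if len(sig) < 11 or sig[:2] != b"\x00\x01":
        return None
    sep = sig.find(b"\x00", 2)
    # RFC 8017 requires at least 8 bytes of 0xFF padding before the separator.
    if sep < 10 or sig[2:sep] != b"\xff" * (sep - 2):
        return None
    payload = sig[sep + 1:]
    for name, prefix in DIGESTINFO.items():
        size = hashlib.new(name).digest_size
        if payload.startswith(prefix) and len(payload) == len(prefix) + size:
            return {"hash": name, "pad_len": sep - 2, "sig_len": len(sig),
                    "digest": payload[len(prefix):].hex()}
    return None


def check_rrsig(sig_b64: str):
    """Decode a base64 RRSIG signature field and run the check above."""
    return find_unsigned_pkcs1(base64.b64decode(sig_b64, validate=True))


if __name__ == "__main__":
    print(check_rrsig(SIG_B64))
```

A validating resolver raises the signature to the public exponent and expects to recover this padded block, so a field that already contains the block in the clear fails validation.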

