[outages] DNSSEC issues .se
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Feb 4 12:00:52 EST 2022
On Fri, Feb 04, 2022 at 04:25:57PM +0000,
Jonathan Sélea via Outages <outages at outages.org> wrote
a message of 768 lines which said:
> Anyone else seeing dnssec issues on unsigned .se domains?
> Apparently, if a unsigned domain is followed by a signed domain in the
> .se zone - the domain wont resolve due to NSEC errors.
Not only. deltacity.se is signed but the DS record also has the
strange signature:
% dig @a.ns.se DS deltacity.se
; <<>> DiG 9.16.1-Ubuntu <<>> @a.ns.se DS deltacity.se
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16734
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 43b7c3680ea3613a0100000061fd5b79523d4d0ce26efd10 (good)
;; QUESTION SECTION:
;deltacity.se. IN DS
;; ANSWER SECTION:
deltacity.se. 3600 IN DS 2371 13 2 (
10D93CDBC66AB7BDAD1B5DAA0C91C3CAC83FC5E5D0D2
9A4D5C5A60C1029C4C90 )
deltacity.se. 3600 IN RRSIG DS 8 2 3600 (
20220218000621 20220204111055 30015 se.
AAH/////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////ADAxMA0GCWCGSAFlAwQCAQUABCAPBvXtziUA
4hVkukIixa7pw08KxXpzzylxHdz2eM6gfg== )
;; Query time: 39 msec
;; SERVER: 2a01:3f0:0:301::53#53(2a01:3f0:0:301::53)
;; WHEN: ven. févr. 04 17:59:38 CET 2022
;; MSG SIZE rcvd: 407
More information about the Outages
mailing list