Hi, At SIDN (registry for .nl) we are aware of these problems and we are in touch with the registrars involved.
In particular TransIP is a bit of a challenge, because they run their own DNS-software and feel no rush to fix this issue. But rest assured that we will keep on trying to have them improve things. -- Marco On 20/11/14 08:34, Viktor Dukhovni wrote: > On Thu, Nov 20, 2014 at 06:29:42AM +0000, Viktor Dukhovni wrote: > >> A number of large DNS hosting providers have enabled DNSSEC support, >> but are using nameserver software that is not compatible with the >> specification with respect to authenticated denial of existence. > > Note, by far the bulk of the problem is with transip. From their > website: > > https://www.transip.co.uk/domain-name/transdns/ > > DNSSEC > > TransDNS is the foundation of our DNSSEC implementation, a DNS > protocol security extension. Signing more than 500.000 domain > names with DNSSEC was a challenge we gladly accepted. Because > of TransDNS we were one of the first domain providers in The > Netherlands that signed all our domain names. We are now the > largest DNSSEC provider in the world. We could not have done > this with third-party solutions. That is the reason why we > develop everything in-house. > > Perhaps they have more problems that show up in interop tests > because they indeed signed so many more domains that anyone else. > In any case, they would be a good place to start remediation. > > If anyone has contacts there and can reach out that would be great. >
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
