Some resolvers protest on .in. It seems they have an RSASHA256 key but no RSASHA256 signatures, thus violating RFC 4035, section 2.2 "There MUST be an RRSIG for each RRset using at least one DNSKEY of EACH ALGORITHM".
(Cannot show a nice DNSviz picture, DNSviz seems broken at this time.)
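
Added example, not part of the original message: a small check for the condition described above, run over records in zone-file presentation format (as printed by a DNSSEC-aware query tool). The zone name "example.", the key material, key tags and the second algorithm (7) are constructed sample values, not data from .in.

```python
# Added example: flags RRsets whose RRSIGs do not cover every algorithm
# present in the apex DNSKEY RRset. All records below are constructed.
from collections import defaultdict

ALG_NAMES = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
             10: "RSASHA512", 13: "ECDSAP256SHA256"}

SAMPLE = """\
example. 3600 IN DNSKEY 257 3 7 AwEAAconstructedKSK7
example. 3600 IN DNSKEY 256 3 7 AwEAAconstructedZSK7
example. 3600 IN DNSKEY 257 3 8 AwEAAconstructedKSK8
example. 3600 IN RRSIG DNSKEY 7 1 3600 20300101000000 20291201000000 11111 example. c2lnNw==
example. 3600 IN RRSIG SOA 7 1 3600 20300101000000 20291201000000 22222 example. c2lnNw==
example. 3600 IN RRSIG NS 7 1 3600 20300101000000 20291201000000 22222 example. c2lnNw==
example. 3600 IN RRSIG NS 8 1 3600 20300101000000 20291201000000 33333 example. c2lnOA==
"""

def missing_algorithms(text, apex):
    """Return {(owner, covered_type): sorted algorithm numbers lacking an RRSIG}.

    Only RRsets that carry at least one RRSIG in the input are examined;
    an RRset with no signature at all is not visible to this check.
    """
    apex = apex.lower()
    key_algs = set()                # algorithms in the apex DNSKEY RRset
    sig_algs = defaultdict(set)     # (owner, type covered) -> RRSIG algorithms
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[2].upper() != "IN":
            continue
        owner, rtype = f[0].lower(), f[3].upper()
        if rtype == "DNSKEY" and owner == apex:
            key_algs.add(int(f[6]))         # fields: flags, protocol, algorithm
        elif rtype == "RRSIG" and len(f) >= 12 and f[11].lower() == apex:
            sig_algs[(owner, f[4].upper())].add(int(f[5]))
    return {rrset: sorted(key_algs - algs)
            for rrset, algs in sig_algs.items() if key_algs - algs}

def describe(findings):
    """Render findings as one human-readable line per missing algorithm."""
    return [f"{o} {t}: no RRSIG for algorithm {a} ({ALG_NAMES.get(a, 'unknown')})"
            for (o, t), algs in sorted(findings.items()) for a in algs]

if __name__ == "__main__":
    for msg in describe(missing_algorithms(SAMPLE, "example.")):
        print(msg)
```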
