Greetings again. Those of us who research DNSSEC adoption in the real world are being a bit stymied by some of the sign-on-the-fly systems, such as this one, apparently from UltraDNS. (Similar results are given for any nonexistent name in house.gov, such as "www1".)
--Paul Hoffman # dig +dnssec +noidnout anynameyouwant.house.gov a ; <<>> DiG 9.16.10 <<>> +dnssec +noidnout anynameyouwant.house.gov a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3131 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ; COOKIE: 82c292cc154c0bee35a4c8d95ff3cf3d4fb01e0d645f3375 (good) ;; QUESTION SECTION: ;anynameyouwant.house.gov. IN A ;; AUTHORITY SECTION: ~.anynameyouwans~.house.gov. 882 IN RRSIG NSEC 13 4 900 20210625144704 20201227144704 34842 house.gov. cyHvX3u6PVXUmSqWwFbzDEwKDpCLklowf+QnNF5q4hwUulvaZci+n2Ml yK7K2Q0ttdsaicN255QJmNU7pBD5qA== ~.anynameyouwans~.house.gov. 882 IN NSEC anynameyouwant!.house.gov. RRSIG NSEC !~.house.gov. 882 IN RRSIG NSEC 13 3 900 20210625144704 20201227144704 34842 house.gov. gQ8Rwjx/31pXh0Anx9+wYSmj3BRpKp7PGegmEvmdejiVV6UmFfds8YyV nqjs9Au1XZVgNjtE9fjQC87nElKUCQ== !~.house.gov. 882 IN NSEC -.house.gov. RRSIG NSEC house.gov. 882 IN SOA pdns109.ultradns.com. ncc.mail.house.gov. 1407134 10800 1080 2419200 900 house.gov. 882 IN RRSIG SOA 13 2 900 20210625144704 20201227144704 34842 house.gov. p4vIz0ORiZPlwbbpbGo5TEex+eYnvgj+pLzIaK4mSHwUzF+bk15Xx6ao HikR5X1/ejuVUIuS6teRjm8ZVdoKag==
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
