--- Begin Message ---
Viktor, dnsop community,
If there additional missing NSEC|NSEC3 RR issues with Google Public
DNS you are aware of, please respond here or file a ticket
(https://developers.google.com/speed/public-dns/groups#issue_tracker).
On Sat, Feb 6, 2021 at 1:17 AM Viktor Dukhovni <[email protected]> wrote:
>
> > On Sep 16, 2020, at 6:31 PM, Viktor Dukhovni <[email protected]> wrote:
> >
> > Now it is Google's turn. I still see an incomplete NSEC3 RRset from
> > 8.8.8.8:
> >
> > $ hsdig -n8.8.8.8 -D -t tlsa _25._tcp.mx.runbox.com
> > _25._tcp.mx.runbox.com. IN TLSA ? ; NoError AD=1
> > runbox.com. IN SOA dns61.copyleft.no. [email protected]. 3000008499
> > 14400 3600 1296000 3600
> > runbox.com. IN RRSIG SOA 13 2 86400 20200930104345 20200916091345 18202
> > runbox.com. <sig>
> > *.runbox.com. IN NSEC _acme-challenge.runbox.com. A MX RRSIG NSEC
> > *.runbox.com. IN RRSIG NSEC 13 2 3600 20200930104345 20200916091345
> > 18202 runbox.com. <sig>
>
> I am seeing this issue again, intermittently from various Google
> DNS servers. Here's an example from 8.8.4.4:
>
> _25._tcp.mx.runbox.com. IN TLSA ? ; NoError AD=1
> runbox.com. IN SOA dns61.copyleft.no. [email protected]. 3000008714
> 14400 3600 1296000 3600
> runbox.com. IN RRSIG SOA 13 2 86400 20210219161924 20210205144924 12629
> runbox.com. <sig>
> *.runbox.com. IN NSEC _acme-challenge.runbox.com. A MX RRSIG NSEC
> *.runbox.com. IN RRSIG NSEC 13 2 3600 20210219161924 20210205144924 12629
> runbox.com. <sig>
I can reproduce the issue internally. A fix should be coming in the near future.
>
> Or DNSViz (3 of the four public IPs):
>
> https://dnsviz.net/d/_25._tcp.mx.runbox.com/e/437682/dnssec/
>
> --
> Viktor.
>
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
