Indeed, DNSviz seems to confirm the problem:
https://dnsviz.net/d/sportbladet.se/Yf1XbQ/dnssec/
The signature of the NSEC record looks strange to me:
% dig @a.ns.se. +dnssec A sportbladet.se
; <<>> DiG 9.16.1-Ubuntu <<>> @a.ns.se. +dnssec A sportbladet.se
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60924
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 5
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 0048c3eb59d11c2b0100000061fd58dcdecd7e08e6619bd5 (good)
;; QUESTION SECTION:
;sportbladet.se. IN A
;; AUTHORITY SECTION:
sportbladet.se. 86400 IN NS dns02.ports.se.
sportbladet.se. 86400 IN NS dns03.ports.se.
sportbladet.se. 86400 IN NS dns04.ports.net.
sportbladet.se. 86400 IN NS dns01.dipcon.com.
sportbladet.se. 7200 IN NSEC sportbladet-tv.se. NS RRSIG NSEC
sportbladet.se. 7200 IN RRSIG NSEC 8 2 7200 (
20220217023427 20220204111055 30015 se.
AAH/////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////////////////////////////////////////
////////ADAxMA0GCWCGSAFlAwQCAQUABCDDlM45/p82
gs9EuWI0BODTVEgrkVM5ZrtG98oLVgefGQ== )
;; ADDITIONAL SECTION:
dns03.ports.se. 86400 IN AAAA 2a04:3540:1000:310:287e:f6ff:fe1d:4789
dns02.ports.se. 86400 IN AAAA 2001:19f0:5001:2a:5400:ff:fe38:1e6f
dns03.ports.se. 86400 IN A 94.237.33.102
dns02.ports.se. 86400 IN A 45.63.42.179
;; Query time: 39 msec
;; SERVER: 2a01:3f0:0:301::53#53(2a01:3f0:0:301::53)
;; WHEN: ven. févr. 04 17:48:28 CET 2022
;; MSG SIZE rcvd: 595
--- Begin Message ---
Anyone else seeing dnssec issues on unsigned .se domains?
Apparently, if a unsigned domain is followed by a signed domain in the .se zone - the domain wont resolve due to NSEC errors.
Example:
Sportbladet.se
Kgkfastigheter.se
Deltacity.se
| Med vänlig hälsning / Best Regards |
| | |
| |
|
|
| The General Terms applicable to our services are available on our website, here. Please refer to our Privacy Policy for information about how we process personal data. This e-mail may contain legally privileged and confidential information. If you are not the intended addressee, you are hereby notified that any reading, distribution, copying or other use of this message or attachments is strictly prohibited. If you have received this message in error, return to us and delete this email. Thank you.
|
|
|
|
_______________________________________________
Outages mailing list
[email protected]
https://puck.nether.net/mailman/listinfo/outages
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
