As seen at:
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/worldnic.com.html
over 400 "small" signed zones (zone apex only in the NSEC chain) return
incorrect "NODATA" RCODEs for "_25._tcp.<zone-apex>. TLSA ?". The
provided NSEC records instead prove "NXDOMAIN". This breaks email to
these domains from DANE-enabled MTAs.
If I'm not mistaken, "worldnic.com" is a NetworkSolutions brand, don't
know whether they have anyone on this list. WHOIS contact Cc'd.
--
Viktor.
P.S. Top 5 nameservers with DoE breakage:
609 registrar-servers.com
402 worldnic.com
248 mijndomein.nl
138 axc.nl
75 ebola.cz
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
