As seen at:
https://dnssec-stats.ant.isi.edu/~viktor/dnsviz/worldnic.com.html over 400 "small" signed zones (zone apex only in the NSEC chain) return incorrect "NODATA" RCODEs for "_25._tcp.<zone-apex>. TLSA ?". The provided NSEC records instead prove "NXDOMAIN". This breaks email to these domains from DANE-enabled MTAs. If I'm not mistaken, "worldnic.com" is a NetworkSolutions brand, don't know whether they have anyone on this list. WHOIS contact Cc'd. -- Viktor. P.S. Top 5 nameservers with DoE breakage: 609 registrar-servers.com 402 worldnic.com 248 mijndomein.nl 138 axc.nl 75 ebola.cz _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations