Google's recursive DNS seems to dislike a registry operator removing DS for some of their zones in parent zones, while still signing parent and child properly. Even the now absence of DS is properly signed.
The response is SERVFAIL even though the TTL has long since expired in all caches. Also, there is no DS in their cache when queried about DS. All other known open recursive providers seem to adhere to the expected behaviour. Is this a bug, Google? Feel free to contact me directly if you need specific zone names. -- Robert Martin-Legene
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
