Hi Petr, On 23/01/18 12:17, Petr Menšík wrote: > Hello, > > I just tried new 0.15 dnssec-trigger. Once again there is problem with > domain chosen to make probes. > > $ dig @dns2.nic.uk. +norec +dnssec -t SOA uk.uk. > > returns NXDOMAIN.
Yes, that is why it is there. To get an NSEC3 response. > > For that reason, gen_random_nsec3_dest probe "_probe.uk.uk." will always > fail if chosen. Manual dnssec-trigger-control reprobe might be required. No, it works to get an NSEC3 response. > > My question is same as the last time. How were that domains chosen? At random. > > I found it cannot be even registered again: > https://www.nominet.uk/whois/?query=uk.uk#whois-results That is a good reason to have picked it; i.e. no registerable domain to elicit NXDOMAIN responses. > > Have been domain owners asked it is ok to use their domains? No, but if they wouldn't like it, we would of course pick some other NXDOMAIN response. Best regards, Wouter
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dnssec-trigger mailing list dnssec-trigger@NLnetLabs.nl https://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger