Hello Robin,

looks like we have a little issue using DNSSEC for bugs.gentoo.org, but
not signing 339761.bugs.gentoo.org

`dig does-not-exist.bugs.gentoo.org @8.8.8.8`
  returns A record with AD flag.
`dig 339761.bugs.gentoo.org @8.8.8.8`
  returns A record w/o AD flag

Both work with local unbound resolver with forwarders removed.
It looks like stale, unsigned entries.

Did you change anything in the last n days?
Or is the cache of 141.1.1.1 and 8.8.8.8 really compromised?

How do you sign these wildcards anyway? Would be interested.

   Michael


[1] http://domainincite.com/2361-dnssec-to-kill-the-isp-wildcard

-- 
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber <x...@gentoo.org>
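
Added example, not part of the original message: a small shell wrapper around the dig checks above that reports, per name and resolver, whether the answer carried the AD flag. The `+dnssec` option, the function names and the two sample header excerpts are this example's own assumptions; the excerpts are constructed, not captured output.

```shell
#!/bin/sh
# Added example (not from the original mail): report whether a resolver's
# answer carries the AD (Authenticated Data) flag, by parsing dig's header.

# Read dig output on stdin, print "<status> <flags>" from its header lines.
parse_header() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
        }
        /^;; flags:/ { f = $0; sub(/^;; flags: */, "", f); sub(/;.*/, "", f) }
        END { print (s == "" ? "NOREPLY" : s), f }
    '
}

# Read dig output on stdin, print "<status> AD" or "<status> no-AD".
classify() {
    hdr=$(parse_header)
    status=${hdr%% *}
    flags=${hdr#* }
    case " $flags " in
        *" ad "*) echo "$status AD" ;;
        *)        echo "$status no-AD" ;;
    esac
}

# Constructed dig header excerpts mirroring the two observations in the mail.
SAMPLE_VALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_UNVALIDATED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

if [ "${1:-}" = "live" ]; then
    # Live comparison; +dnssec (set the DO bit) is this example's choice.
    for resolver in 8.8.8.8 141.1.1.1; do
        for name in does-not-exist.bugs.gentoo.org 339761.bugs.gentoo.org; do
            result=$(dig +dnssec +noall +comments "$name" A "@$resolver" | classify)
            printf '%-32s @%-10s %s\n' "$name" "$resolver" "$result"
        done
    done
else
    printf 'validated sample:   %s\n' "$(printf '%s\n' "$SAMPLE_VALIDATED" | classify)"
    printf 'unvalidated sample: %s\n' "$(printf '%s\n' "$SAMPLE_UNVALIDATED" | classify)"
fi
```

Run with the argument `live` to query the resolvers; without it the script only classifies the constructed samples.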
