> On Mar 15, 2024, at 11:47 AM, Matthew Pounsett <[email protected]> wrote: > > On Fri, Mar 15, 2024 at 6:03 AM libor.peltan <[email protected] > <mailto:[email protected]>> wrote: >> >> >> I tried it by hand and indeed, the problem is solely at ultradns servers: >> >> Looking at the output, there is a (redundant) NSEC proving the >> non-existence of the wildcard *.dns-oarc.net <http://dns-oarc.net/>. >> instead(!): dns-oarc.net <http://dns-oarc.net/>. >> 3600 IN NSEC fs1.10g.dns-oarc.net >> <http://fs1.10g.dns-oarc.net/>. A NS SOA MX TXT >> AAAA RRSIG NSEC DNSKEY CDS CDNSKEY CA >> >> This remind me of a similar issue that we have fixed in Knot DNS some >> years ago, but I con't find it at the moment, it seems that what we have >> fixed is wildcard answers in connection with CNAMEs/DNAMEs and stuff, >> but not this straightforward situation... >> >> In any case, you should probably tell UltraDNS to use recent versions of >> whatever software they use. > > I'm fairly sure they're still using their own in-house server software. I'll > report this to their support and see what happens.
We will investigate. Thanks for the heads-up! dave UltraDNS
--
