Hello Robin,
looks like we have a little issue using DNSSEC for bugs.gentoo.org, but
not signing 339761.bugs.gentoo.org
`dig does-not-exist.bugs.gentoo.org @8.8.8.8`
returns A record with AD flag.
`dig 339761.bugs.gentoo.org @8.8.8.8`
returns A record w/o AD flag
Both work with local unbound resolver with forwarders removed.
It looks like stale, unsigned entries.
Did you change anything in the last n days?
Or is the cache of 141.1.1.1 and 8.8.8.8 really compromised?
How do you sign these wildcards anyway? Would be interested.
Michael
[1] http://domainincite.com/2361-dnssec-to-kill-the-isp-wildcard
--
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber x...@gentoo.org
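
The comparison described in the message above can be scripted. The following is an added example, not part of the original e-mail: `ad_status`, `check_ad` and `demo` are hypothetical helper names, and the header lines in `demo` are constructed sample input, not captured resolver output.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# ad_status: read `dig` output on stdin, print "<rcode> <AD|no-AD> answers=<n>".
# AD (Authenticated Data) is set by a validating resolver only when the
# answer passed DNSSEC validation.
ad_status() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { rcode = $(i + 1); sub(/,/, "", rcode) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*/, "", flags)          # keep only the flag words
            ad = (index(" " flags " ", " ad ") > 0)
            n = $0
            sub(/.*ANSWER: /, "", n)       # isolate the answer count
            sub(/,.*/, "", n)
        }
        END {
            if (rcode == "") { print "no-response"; exit 1 }
            print rcode, (ad ? "AD" : "no-AD"), "answers=" n
        }'
}

# check_ad NAME RESOLVER...: ask each resolver for the A record with the DO
# bit set and report whether the answer came back validated.
# Needs network access, e.g.:
#   check_ad does-not-exist.bugs.gentoo.org 8.8.8.8 141.1.1.1
#   check_ad 339761.bugs.gentoo.org 8.8.8.8 141.1.1.1
check_ad() {
    name=$1; shift
    for r in "$@"; do
        printf '%s @%s: ' "$name" "$r"
        dig +dnssec +tries=1 +time=3 "$name" A "@$r" | ad_status
    done
}

# demo: run the parser over two constructed dig headers (validated / not).
demo() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111' \
        ';; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1' | ad_status
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1' | ad_status
}
```

A `NOERROR no-AD` result for one name next to `NOERROR AD` for a sibling name from the same resolver is the mismatch the message reports.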