Hi Daniel, > Your nameserver breaks https://www.rfc-editor.org/rfc/rfc8020
I'd rather say 'does not implement' instead of 'break': As RFC 8020 points out, the (almost 30 years older) RFC 1034 is very unspecific about the details on how a nameserver should behave in such a situation. (And opinions seem to have changed over time, see https://groups.google.com/g/comp.protocols.dns.std/c/j0ddY0jZhog/m/yHN9ew5Q5GkJ) Therefore, there *are* existing implementations which do seem to return NXDOMAIN in such cases - probably because their implementation predates RFC8020, one of them being AWS / Route53: Example: $ dig txt mv2jefm7mwexbuk5zvfgdg5yzcylqkwc._domainkey.just-eat.ch Returns the expected data while $ dig txt _domainkey.just-eat.ch returns NXDOMAIN. Note that i don't want to argue whether or not everyone should implement RFC8020: All i'm saying is that there are servers in the wild which do return NXDOMAIN and hence it is almost impossible to say whether or not a domain has DKIM enabled. Regards, Adrian
_______________________________________________ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch
