Sparklight and DNSSEC
Benny Pedersen
me at junc.eu
Mon Sep 26 22:06:04 UTC 2022
Nick Tait via bind-users skrev den 2022-09-26 23:50:
> On 27/09/2022 3:58 am, Benny Pedersen wrote:
>> imho dnssec-validation auto; have a bug as it validates domains
>> without DS set
>>
>> hope bind developpers can confirm or deny it
>
> Hi Benny.
>
> Until DS records are published in the parent zone, the (signed) zone
> is considered 'insecure', and validation doesn't occur. i.e. The
> behaviour you described above is how it is supposed to work.
+1
https://gitlab.isc.org/isc-projects/bind9/-/issues/3465
https://www.irccloud.com/pastebin/YlJORfJK/delv%20plex.tv%20and%20later%20logs
just an example log
https://bugs.gentoo.org/872449 dont know if that will solve it or not
on some domains its possible to just do "rndc nta domain" to solve it
shurtly, as some domains cant be sent email to before its nta listed :/
>
> Nick.
More information about the bind-users
mailing list