disable dnssec for particular domain
Mark Elkins
mje at posix.co.za
Wed Feb 7 11:40:29 UTC 2018
Thanks for providing the domain name in question (testa.eu).
Indeed, port 43 whois shows no nameservers - neither does the web based
whois on whois.eurid.eu, though the name does exist in the 'eu' registry
system.
Dig gives me nothing either...
$ dig testa.eu ns +short
$ dig testa.eu ds +short
If there are no Nameservers for testa.eu in the eu zone (which appears
to be the case) - then DNSSEC in this case is a Red Herring. There is
nothing to validate.
It's possible to register a Domain in EU without supplying Nameservers.
I guess this is so people can either reserve a name for future use or
block anyone else from ever having it without the complications of
setting up Nameservers. This seems to be the case here.
On 07/02/2018 13:07, Matus UHLAR - fantomas wrote:
>> On 06/02/2018 16:31, Matus UHLAR - fantomas wrote:
>>> what's the difference, when the domain doesn't exist?
>>>
>>> is it because .eu is signed?
>
> On 06.02.18 16:35, Ray Bellis wrote:
>> Perhaps, although I'm not sure why given that .eu is signed with NSEC3
>> and opt-out.
>>
>> Are you *sure* that the domain doesn't now actually exist in the DNS?
>
> yes. even web whois shows no 'nameserver' information.
>
> the name is "testa.eu".
> I'm not good at dnssec to find out more.
>
> thanks you
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
More information about the bind-users
mailing list