| 1 |
Hello Robin, |
| 2 |
|
| 3 |
looks like we have an little issue using DNSSEC for bugs.gentoo.org, but |
| 4 |
not signing 339761.bugs.gentoo.org |
| 5 |
|
| 6 |
`dig does-not-exist.bugs.gentoo.org @8.8.8.8` |
| 7 |
returns A record with AD flag. |
| 8 |
`dig 339761.bugs.gentoo.org @8.8.8.8` |
| 9 |
returns A record w/o AD flag |
| 10 |
|
| 11 |
Both work with local unbound resolver with forwarders removed. |
| 12 |
It looks like stale, unsigned entries. |
| 13 |
|
| 14 |
Did you change anything in the last n days? |
| 15 |
Or is the cache of 141.1.1.1 and 8.8.8.8 really compromised? |
| 16 |
|
| 17 |
How do you sign these wildcards anyway? Would be interested. |
| 18 |
|
| 19 |
Michael |
| 20 |
|
| 21 |
|
| 22 |
[1] http://domainincite.com/2361-dnssec-to-kill-the-isp-wildcard |
| 23 |
|
| 24 |
-- |
| 25 |
Michael Weber |
| 26 |
Gentoo Developer |
| 27 |
web: https://xmw.de/ |
| 28 |
mailto: Michael Weber <xmw@g.o> |
Archives