1 |
Hello Robin, |
2 |
|
3 |
looks like we have an little issue using DNSSEC for bugs.gentoo.org, but |
4 |
not signing 339761.bugs.gentoo.org |
5 |
|
6 |
`dig does-not-exist.bugs.gentoo.org @8.8.8.8` |
7 |
returns A record with AD flag. |
8 |
`dig 339761.bugs.gentoo.org @8.8.8.8` |
9 |
returns A record w/o AD flag |
10 |
|
11 |
Both work with local unbound resolver with forwarders removed. |
12 |
It looks like stale, unsigned entries. |
13 |
|
14 |
Did you change anything in the last n days? |
15 |
Or is the cache of 141.1.1.1 and 8.8.8.8 really compromised? |
16 |
|
17 |
How do you sign these wildcards anyway? Would be interested. |
18 |
|
19 |
Michael |
20 |
|
21 |
|
22 |
[1] http://domainincite.com/2361-dnssec-to-kill-the-isp-wildcard |
23 |
|
24 |
-- |
25 |
Michael Weber |
26 |
Gentoo Developer |
27 |
web: https://xmw.de/ |
28 |
mailto: Michael Weber <xmw@g.o> |