[Dnssec-deployment] Final step of .com DNSSEC deployment
Roy Arends
roy at dnss.ec
Fri Apr 1 06:00:52 EDT 2011
On Apr 1, 2011, at 10:38 AM, Lutz Donnerhacke wrote:
> * W.C.A. Wijngaards wrote:
>> This looks like the response that RFC4034 recommends for mistakenly
>> directed DS queries. The .com SOA validates correctly for me.
>
> This message confuses unbound and breaks validation.
Hi Lutz,
Apologies, but I'm not seeing it. COM seems to validate fine here using both unbound and bind.
Looking at the response (using the exact same command line argument you used), I get the exact same response as you quoted. We (for .uk) also send a similar response (authoritative 'NO DATA' response), as do other signed TLDs.
If you have logs available, or have any more information, please share.
Thanks!
Roy
More information about the Dnssec-deployment
mailing list