[ih] DKIM history, was IETF relevance (was Memories of Flag Day?)
Jeremy C. Reed
reed at reedmedia.net
Wed Aug 30 15:28:57 PDT 2023
On Thu, 31 Aug 2023, Steffen Nurpmeso via Internet-history wrote:
> and gives advice. Also 14 years. In respect to this i think
> a re-evaluation might find that an elder protocol can be improved
> simply by taking into account the growing number of domains which
> use those features.
> For example "dig X rrsig" for FreeBSD.org and NetBSD.org gives
> good results, yet funnily ietf.org does not. (Unless i am
> mistaken.)
You will get inconsistent results when querying for RRSIG type.
Even freebsd.org's nameservers give different results:
RRSIGs for all covered types for that name
or
REFUSED
And ietf.org's nameservers also give different results:
- returns NOERROR with 0 answers
- REFUSED
At least one of their servers returns an error (via EDNS):
; OPT=15: 00 15 52 52 53 49 47 20 71 75 65 72 69 65 73 20 6e 6f 74 20 73
75 70 70 6f 72 74 65 64 20 68 65 72 65 ("..RRSIG queries not supported
here")
Attempting to query for RRSIG anywhere is not expected behavior and will
get varied results (and a resolver may return SERVFAIL when it fails).
Use dig +dnssec or set the DO flag.
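
Added example, not part of the original message: the EDNS option quoted above is option code 15, Extended DNS Error (RFC 8914), and this Python snippet decodes dig's raw dump of it into the INFO-CODE and EXTRA-TEXT fields. The function names and the abbreviated code table are assumptions made for illustration; the input is the dump exactly as quoted in the message.

```python
import re

# Subset of the RFC 8914 Extended DNS Error INFO-CODE registry (abbreviated).
EDE_CODES = {
    0: "Other", 6: "DNSSEC Bogus", 7: "Signature Expired", 9: "DNSKEY Missing",
    10: "RRSIGs Missing", 18: "Prohibited", 20: "Not Authoritative",
    21: "Not Supported", 22: "No Reachable Authority", 23: "Network Error",
}

# The option as quoted in the message (dig's raw dump, line-wrapped by the mailer).
DIG_OPT = """; OPT=15: 00 15 52 52 53 49 47 20 71 75 65 72 69 65 73 20 6e 6f 74 20 73
75 70 70 6f 72 74 65 64 20 68 65 72 65 ("..RRSIG queries not supported
here")"""

def parse_dig_opt(text):
    """Return (option_code, payload_bytes) from dig's '; OPT=<n>: <hex> ("...")' dump."""
    m = re.match(r"\s*;\s*OPT=(\d+):\s*(.*)", text, re.S)
    if not m:
        raise ValueError("not a dig OPT dump")
    hex_part = m.group(2).split("(", 1)[0]  # drop dig's printable rendering
    tokens = hex_part.split()               # also undoes the mail line wrapping
    if not all(re.fullmatch(r"[0-9a-fA-F]{2}", t) for t in tokens):
        raise ValueError("unexpected token in hex dump")
    return int(m.group(1)), bytes(int(t, 16) for t in tokens)

def decode_ede(payload):
    """Decode an EDE option body: 16-bit INFO-CODE, then optional UTF-8 EXTRA-TEXT."""
    if len(payload) < 2:
        raise ValueError("EDE option shorter than its INFO-CODE field")
    code = int.from_bytes(payload[:2], "big")
    # EXTRA-TEXT is not required to be NUL-terminated, but some senders add one.
    extra = payload[2:].rstrip(b"\x00").decode("utf-8", errors="replace")
    return code, EDE_CODES.get(code, "not in this abbreviated table"), extra

def explain(text):
    """Parse a dig OPT dump and decode it, rejecting anything that is not EDE."""
    option, payload = parse_dig_opt(text)
    if option != 15:
        raise ValueError(f"EDNS option {option} is not Extended DNS Error (15)")
    return decode_ede(payload)

if __name__ == "__main__":
    code, name, extra = explain(DIG_OPT)
    print(f"EDE {code} ({name}): {extra}")
```

The first two bytes, which dig renders as "..", are the INFO-CODE; the remainder is the server's free-form explanation.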