[ih] DKIM history, was IETF relevance (was Memories of Flag Day?)
Steffen Nurpmeso
steffen at sdaoden.eu
Thu Aug 31 13:15:23 PDT 2023
Jeremy C. Reed via Internet-history wrote in
<f4dc771f-d02-5f2f-ac67-8a7fc2eca587 at reedmedia.net>:
|On Thu, 31 Aug 2023, Steffen Nurpmeso via Internet-history wrote:
...
|> For example "dig X rrsig" for FreeBSD.org and NetBSD.org gives
|> good results, yet funnily ietf.org does not. (Unless i am
|> mistaken.)
|
|You will get inconsistent results when querying for RRSIG type.
|Even freebsd.org's nameservers give different results:
|
|RRSIGs for all covered types for that name
|
|or
|
|REFUSED
|
|And ietf.org's nameservers also give different results:
|
| - returns NOERROR with 0 answers
|
| - REFUSED
|
|At least one of their server's returns error (via EDNS):
|
|; OPT=15: 00 15 52 52 53 49 47 20 71 75 65 72 69 65 73 20 6e 6f 74 20 73
|75 70 70 6f 72 74 65 64 20 68 65 72 65 ("..RRSIG queries not supported
|here")
|
|Attempting to query for RRSIG anywhere is not expected behavior and will
|get varied results (and a resolver may return SERVFAIL when it fails).
|
|Use dig +dnssec or set the DO flag.
Yes. And +edns.
Thanks.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the Internet-history
mailing list