nanog mailing list archives
Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu)
From: Arne Jensen <darkdevil () darkdevil dk>
Date: Wed, 8 Dec 2021 15:22:07 +0100
Den 08-12-2021 kl. 14:35 skrev Marco Davids (Private) via NANOG:
It is my understanding that the CNAME should never have been followed, since there isn't any covering RRSIG for the actual CNAME, exactly as the elaborative message on dnsviz.net claims.Hi Laura, Something seems the matter, indeed: https://dnsviz.net/d/european-union.europa.eu/YbCzrQ/dnssec/ It's weird; 1.1.1.1 resolves, 8.8.8.8 and 9.9.9.9 return SERVFAIL.
As such, the CNAME record cannot be verified to be authentic.To me, that part of it also points towards a broken implementation at CloudFlare, letting a bogus (insecure) responses take effect anyway.
-- Med venlig hilsen / Kind regards, Arne Jensen
Current thread:
- Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Laura Smith via NANOG (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Marco Davids (Private) via NANOG (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Arne Jensen (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Niels Bakker (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Ca By (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Masataka Ohta (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Arne Jensen (Dec 09)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Ca By (Dec 09)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Francis Booth via NANOG (Dec 09)
- RE: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Jean St-Laurent via NANOG (Dec 09)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Ca By (Dec 09)
- RE: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Jean St-Laurent via NANOG (Dec 09)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Arne Jensen (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Marco Davids (Private) via NANOG (Dec 08)
- Re: Anyone else seeing DNSSEC failures from EU Commission ? (european-union.europa.eu) Nick Hilliard (Dec 09)