nanog mailing list archives
Re: DNSSEC & WIldcards
From: "John Levine" <johnl () iecc com>
Date: 15 Mar 2024 13:17:56 -0400
It appears that Niels Bakker <niels=nanog () bakker net> said:
* nanog () nanog org (Dennis Burgess via NANOG) [Fri 15 Mar 2024, 16:26 CET]:So have *.app.linktechs.net that I have been trying to get to work, we have DNSSEC on this, and its failing, but cannot for the life of me understand why. I think it may have something to do with proving it exists as a wildcard, but any DNSSEC experts want to take a stab at it ?There are better mailing lists to ask this question (like dns-operations at dns-oarc.net) but have you checked https://dnsviz.net/d/www.app.linktechs.net/dnssec/ ?
I agree there are better places to ask, but here's a quick diagnosis: your nameserver is returning the wrong answer. What kind of server is it? Any modern nameserver should automatically return the correct DNSSEC stuff for wildcard responses. R's, John
Current thread:
- DNSSEC & WIldcards Dennis Burgess via NANOG (Mar 15)
- Re: DNSSEC & WIldcards Niels Bakker (Mar 15)
- Re: DNSSEC & WIldcards John Levine (Mar 15)
- Re: DNSSEC & WIldcards Bjørn Mork (Mar 15)
- Re: DNSSEC & WIldcards Mark Andrews (Mar 15)
- Re: DNSSEC & WIldcards Matthew Pounsett (Mar 15)
- Re: DNSSEC & WIldcards Bjørn Mork (Mar 15)
- Re: DNSSEC & WIldcards Mark Andrews (Mar 15)
- Re: DNSSEC & WIldcards Bjørn Mork (Mar 15)
- RE: DNSSEC & WIldcards Dennis Burgess via NANOG (Mar 15)
- Re: DNSSEC & WIldcards Bjørn Mork (Mar 15)
- Re: DNSSEC & WIldcards Mark Andrews (Mar 15)
- RE: DNSSEC & WIldcards Dennis Burgess via NANOG (Mar 15)
- Re: DNSSEC & WIldcards Niels Bakker (Mar 15)