[Dnssec-trigger] A new kind of broken hotspot: RRSIG are OK but NSEC3 are deleted

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Oct 28 18:32:02 UTC 2011

On Thu, Oct 27, 2011 at 07:18:51PM +0200,
 W.C.A. Wijngaards <wouter at NLnetLabs.nl> wrote 
 a message of 43 lines which said:

> If you are still at the hotspot, it should now work (well, probe that it
> does *not* work) :-)

No need to go so far, at the RIPE meeting in Vienna, the hotel has a
broken resolver :-)

This is with 0.7, which seems to detect it and falls back to the authority:

% dnssec-trigger-control status
at 2011-10-28 20:15:40
authority OK 
cache error no NSEC3 in nodata reply
state: auth secure

More information about the dnssec-trigger mailing list