[Unbound-users] Is it just me?
Marco Davids
marco.davids at sidn.nl
Fri Mar 18 20:48:26 UTC 2011
Olaf,
On 03/18/2011 09:11 PM, Olaf Kolkman wrote:
>> I have made the ICANN IT department aware of this issue.
>>
>> Not Unbound related, so case closed here.
>
>
> What is the issue exactly?
I had some problems resolving www.iana.org for a while, until I decided
to take a closer look into this.
I use Unbound (what else :-) with 0x20 enabled (for fun, basically).
To make a long story short:
- www.iana.org has CNAME ianawww.vip.icann.org.
- vip.icann.org. has three nameservers
- they don't return an RRSIG if there are uppercases in the qname, just
the A record:
dig +dnssec ianawww.VIP.icann.org. @gtm1.dc.icann.org.
ICANN IT department is looking into this, together with their
loadbalancer vendor.
The 0x20 option is just for fun, I don't care much about it. Much more
important to me is that ICANN should set an example in running
RFC-compliant name servers.
Regards,
--
Marco
More information about the Unbound-users
mailing list