[Unbound-users] Is it just me?

Marco Davids marco.davids at sidn.nl
Fri Mar 18 20:48:26 UTC 2011


On 03/18/2011 09:11 PM, Olaf Kolkman wrote:

>> I have made the ICANN IT department aware of this issue.
>> Not Unbound related, so case closed here.
> What is the issue exactly?

I had some problems resolving www.iana.org for a while, until I decided
to take a closer look into this.

I use Unbound (what else :-) with 0x20 enabled (for fun, basically).

To make a long story short:

- www.iana.org has CNAME ianawww.vip.icann.org.
- vip.icann.org. has three nameservers
- they don't return an RRSIG if there are uppercases in the qname, just
the A record:

dig +dnssec ianawww.VIP.icann.org. @gtm1.dc.icann.org.

ICANN IT department is looking into this, together with their
loadbalancer vendor.

The 0x20 option is just for fun, I don't care much about it. Much more
important to me is that ICANN should set an example in running
RFC-compliant name servers.



More information about the Unbound-users mailing list