On Sun, May 08, 2016 at 11:35:46PM +0900, Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote a message of 20 lines which said: > Isn't that TLD signed with NSEC3 Opt-Out ? It's .io and, yes, it uses Opt-Out: 0dcnrnddcil4ucmvpbaekvtkjh1hud3v.io. 3600 IN NSEC3 1 1 5 E35770A11A ( 0EC3N02EKQT2RUTJOS87A6A86AIILG4C NS DS RRSIG )