login.authorize.net has A and CNAME records
Arne Jensen
darkdevil at darkdevil.dk
Tue Apr 6 19:59:04 UTC 2021
On 06-04-2021 at 21:47, Seth Mattinen wrote:
>
>>
>> What kind of local problem or network problems could cause a servfail
>> response from the authoritative ns?
>
>
>
> I'm beginning to think this is a DNSSEC related problem, I'll ask on
> the pdns-users list. I see it's asking for a DS record on
> login.authorize.net.cdn.cloudflare.net when the nearest one appears to
> be at cloudflare.net, so for some reason that's not being applied all
> the way down.
I do somehow take that "local problem" part back again, which also
wasn't intended exactly in the way that it was written:
-> https://dnssec-analyzer.verisignlabs.com/login.authorize.net.cdn.cloudflare.net
Is looking at login.authorize.net.cdn.cloudflare.net/DNSKEY, but failing
due to the SERVFAIL.
-> https://dnsviz.net/d/login.authorize.net.cdn.cloudflare.net/dnssec/
Seems to claim that it works just fine.
Asking login.authorize.net.cdn.cloudflare.net/DNSKEY or
login.authorize.net.cdn.cloudflare.net/DS returns SERVFAIL here too.
But I don't think you should be querying /DNSKEY or /DS, except at the
(current) delegation's root, e.g. as you say yourself, at
"cloudflare.net" in this case.
Or if "cdn.cloudflare.net" had been a sub-delegation, then at that point...
--
Kind regards,
Arne Jensen
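
The point made in the message above, as an added example that is not part of the original post: DNSKEY RRsets sit at a zone apex and DS RRsets at the delegation point for that apex, so the chain of trust for a name only involves queries at zone cuts. The set of zone apexes is constructed from what the thread states (nearest cut at cloudflare.net, no cut at cdn.cloudflare.net) and is not looked up live; the function names are hypothetical.

```python
# Added example. ZONE_APEXES is constructed from the thread, not queried from DNS.
ZONE_APEXES = {".", "net.", "cloudflare.net."}

def ancestors(qname):
    """Return qname and each ancestor as FQDNs, longest first, ending at the root."""
    name = qname.rstrip(".").lower()
    parts = name.split(".") if name else []
    return [".".join(parts[i:]) + "." for i in range(len(parts))] + ["."]

def enclosing_apex(qname, apexes=ZONE_APEXES):
    """Closest ancestor (or the name itself) that is a zone apex."""
    for name in ancestors(qname):
        if name in apexes:
            return name
    raise ValueError("apex set must contain the root zone '.'")

def trust_chain_queries(qname, apexes=ZONE_APEXES):
    """(owner, rrtype) pairs on the chain of trust, root first.

    Every zone apex above qname contributes its DNSKEY RRset; every apex
    except the root also contributes the DS RRset published by its parent.
    """
    cuts = [n for n in ancestors(qname) if n in apexes]
    cuts.reverse()  # walk from the root down to the enclosing zone
    queries = []
    for apex in cuts:
        if apex != ".":
            queries.append((apex, "DS"))
        queries.append((apex, "DNSKEY"))
    return queries

def on_trust_chain(qname, owner, rrtype, apexes=ZONE_APEXES):
    """True if owner/rrtype is one of the chain-of-trust lookups for qname."""
    owner = owner.rstrip(".").lower() + "."
    return (owner, rrtype.upper()) in trust_chain_queries(qname, apexes)

if __name__ == "__main__":
    q = "login.authorize.net.cdn.cloudflare.net"
    print("enclosing zone:", enclosing_apex(q))
    for owner, rrtype in trust_chain_queries(q):
        print(f"  {owner}/{rrtype}")
    # The queries from the thread, at the leaf name itself:
    for rrtype in ("DS", "DNSKEY"):
        print(f"{q}/{rrtype} on chain:", on_trust_chain(q, q, rrtype))
```

Adding "cdn.cloudflare.net." to the apex set models the sub-delegation case mentioned at the end of the message: the chain then gains a DS and a DNSKEY lookup at that name.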