Maintained by: NLnet Labs

[Unbound-users] Is it just me?

Marco Davids
Fri Mar 18 21:48:26 CET 2011


Olaf,

On 03/18/2011 09:11 PM, Olaf Kolkman wrote:

>> I have made the ICANN IT department aware of this issue.
>>
>> Not Unbound related, so case closed here.
> 
> 
> What is the issue exactly?

I had some problems resolving www.iana.org for a while, until I decided
to take a closer look into this.

I use Unbound (what else :-) with 0x20 enabled (for fun, basically).

To make a long story short:

- www.iana.org has CNAME ianawww.vip.icann.org.
- vip.icann.org. has three nameservers
- they don't return an RRSIG if there are uppercases in the qname, just
the A record:

dig +dnssec ianawww.VIP.icann.org. @gtm1.dc.icann.org.

ICANN IT department is looking into this, together with their
loadbalancer vendor.

The 0x20 option is just for fun, I don't care much about it. Much more
important to me is that ICANN should set an example in running
RFC-compliant name servers.

Regards,

--
Marco