Hi,
fedorahosted.org and fedorapeople.org use wildcards which fail often when people are chained to an older BIND version with the "NOQNAME NSEC/NSEC3 proof extraction bug". (See https://bugzilla.redhat.com/show_bug.cgi?id=824219)

For tools (like dnssec-trigger) to detect this, we need a "stable" location of such a wildcard to add a probe test. Ideally within a TLD, as dnssec-trigger prefers to use TLDs for stability - it would be bad if a test gave a false positive and reconfigured everyone's forwarding resolver differently.

As this issue comes up with a new duplicate bug entry every few months, I'm looking for a friendly (DNSSEC signed) TLD who has or is willing to put in a wildcard at some very stable location so we can add this test to dnssec-trigger.

Paul