Hi David, Given the interest in deploying DNSSEC more generally, it would be really interesting to determine if this were the case.
I think Paul means that DNSSEC is the reason that auth01.ns.uu.net is lame. That guy runs an old bind 8.3 or so and the other and is not in the nameserver set (See dig +dnssec @NS.REGISTER.bg bg ns; the +dnssec is optional :-)) and they didn't bother to tell their parent (so your lot) that they want it out of the root zone for bg. jaap On Feb 23, 2007, at 11:35 AM, Paul Wouters wrote: > On Fri, 23 Feb 2007, Zvezdelin Vladov wrote: > >> When a resolve for a ccTLD .bg, there is >> a loop going on, maybe somewhere at auth01.ns.uu.net. > > .bg went DNSSEC recently. Perhaps auth01.ns.uu.net was running some > old software that couldn't deal with that? Or has some silly > firewall rules right in front of it that break it with DNSSEC. PS. [Isn't this way too operational for DNSOP?] _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www1.ietf.org/mailman/listinfo/dnsop