Hi David,
Given the interest in deploying DNSSEC more generally, it would be
really interesting to determine if this were the case.
I think Paul means that DNSSEC is the reason that auth01.ns.uu.net
is lame. That guy runs an old bind 8.3 or so and the other and is
not in the nameserver set (See dig +dnssec @NS.REGISTER.bg bg ns;
the +dnssec is optional :-)) and they didn't bother to tell their
parent (so your lot) that they want it out of the root zone for bg.
jaap
On Feb 23, 2007, at 11:35 AM, Paul Wouters wrote:
> On Fri, 23 Feb 2007, Zvezdelin Vladov wrote:
>
>> When a resolve for a ccTLD .bg, there is
>> a loop going on, maybe somewhere at auth01.ns.uu.net.
>
> .bg went DNSSEC recently. Perhaps auth01.ns.uu.net was running some
> old software that couldn't deal with that? Or has some silly
> firewall rules right in front of it that break it with DNSSEC.
PS. [Isn't this way too operational for DNSOP?]
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
