Greetings -
As of Nov. 22 Neustar UltraDNS has completed the rollout of the latest
resolver which addresses the NSEC3 authenticated denial of existence
issues.

Thanks to Viktor for assisting in the testing and verification of the fix.

-Steve


On 8/11/15, 10:20 PM, "DNSOP on behalf of Viktor Dukhovni"
<dnsop-boun...@ietf.org on behalf of ietf-d...@dukhovni.org> wrote:

>    * Outdated versions of PowerDNS don't handle denial of
>      existence correctly, the query domain's immediate parent
>      also does not exist.  In particular queries of the form:
>
>       _25._tcp.example.com. IN TLSA ?
>
>      fail to elicit proof that "_tcp" does not exist (which is
>      typically the case).  The response is then "bogus", and mail
>      is delayed.
>
>      This currently afflicts various Neustar.biz nameservers, in
>      some cases appearing as nameservers for various customers.
>
>

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
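
The proof that the quoted report says was missing, as an added example (not code from this thread, PowerDNS or UltraDNS): a simplified RFC 5155 closest-encloser check for the NXDOMAIN case that reports which part of the proof a response lacks. The function names and the `(owner_hash, next_hash)` input format are assumptions, the zone data is constructed, and opt-out and signature validation are not handled.

```python
import base64
import hashlib

# Map the standard base32 alphabet to base32hex, as used for NSEC3 owner names.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789abcdefghijklmnopqrstuv")

def nsec3_hash(name, salt, iterations):
    """RFC 5155 hash (SHA-1) of a domain name, base32hex encoded."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):          # "iterations" counts the extra rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode()

def covers(owner, nxt, h):
    """True if hash h lies strictly between an NSEC3 owner hash and its next hash."""
    if owner < nxt:
        return owner < h < nxt
    return h > owner or h < nxt          # last record wraps around the ring

def nxdomain_proof_gaps(qname, zone, nsec3s, salt, iterations):
    """List what a response's (owner_hash, next_hash) pairs fail to prove; [] = complete."""
    H = lambda n: nsec3_hash(n, salt, iterations)
    owners = {o for o, _ in nsec3s}
    covered = lambda n: any(covers(o, x, H(n)) for o, x in nsec3s)
    labels = qname.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):      # walk ancestors from qname toward the apex
        candidate = ".".join(labels[i:])
        if H(candidate) in owners:       # closest encloser: ancestor with a matching NSEC3
            next_closer = ".".join(labels[i - 1:])
            gaps = []
            if not covered(next_closer):
                gaps.append("next closer " + next_closer)
            if not covered("*." + candidate):
                gaps.append("wildcard *." + candidate)
            return gaps
        if candidate == zone.lower().rstrip("."):
            break
    return ["closest encloser"]

if __name__ == "__main__":
    salt, it = bytes.fromhex("aabbccdd"), 1          # constructed zone parameters
    hashes = sorted(nsec3_hash(n, salt, it) for n in
                    ("example.com", "www.example.com", "mail.example.com"))
    chain = list(zip(hashes, hashes[1:] + hashes[:1]))   # full ring of constructed zone
    print(nxdomain_proof_gaps("_25._tcp.example.com", "example.com", chain, salt, it))
```

For `_25._tcp.example.com` the closest encloser is `example.com`, so a validator needs an NSEC3 record covering the hash of `_tcp.example.com`; a response that covers only the hash of the full query name leaves the "next closer" gap.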
