It appears that Niels Bakker <niels=na...@bakker.net> said: >* nanog@nanog.org (Dennis Burgess via NANOG) [Fri 15 Mar 2024, 16:26 CET]: >>So have *.app.linktechs.net that I have been trying to get to work, >>we have DNSSEC on this, and its failing, but cannot for the life of >>me understand why. I think it may have something to do with proving >>it exists as a wildcard, but any DNSSEC experts want to take a stab >>at it ? > >There are better mailing lists to ask this question (like >dns-operations at dns-oarc.net) but have you checked >https://dnsviz.net/d/www.app.linktechs.net/dnssec/ ?
I agree there are better places to ask, but here's a quick diagnosis: your nameserver is returning the wrong answer. What kind of server is it? Any modern nameserver should automatically return the correct DNSSEC stuff for wildcard responses. R's, John
