On Fri, December 19, 2014 11:17, Viktor Dukhovni wrote:
>
> Your domain is DNSSEC-signed via the ISC DLV, which is sub-optimal,
> given that the "ca" TLD supports DNSSEC.
>
>     http://dnsviz.net/d/harte-lyne.ca/dnssec/
>
> If your registrar does not support publishing "DS" records under
> "ca.", I would find another registrar.
>
> Your MX RRset has a very fresh 30-day signature, coincidence?
>
>     $ dig -t mx harte-lyne.ca
>     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37087
>     ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
>     ;harte-lyne.ca.         IN MX
>     harte-lyne.ca.          MX      30 inet08.hamilton.harte-lyne.ca.
>     harte-lyne.ca.          MX      40 inet18.mississauga.harte-lyne.ca.
>     harte-lyne.ca.          MX      50 inet04.mississauga.harte-lyne.ca.
>     harte-lyne.ca.          MX      70 mx70.harte-lyne.ca.
>     harte-lyne.ca.          MX      90 mx90.harte-lyne.ca.
>     harte-lyne.ca.          RRSIG   MX 8 2 172800 20150118062039 20141219062039 1410 harte-lyne.ca. <sig-bits>
>
> could there have been problems with signature freshness at the
> time?  Perhaps AOL is using a validating resolver that queries the
> ISC DLV?
>

I am about to board so forgive the presentation.

We are in direct consultation with CIRA re the matter of DLV and our DS
hosting.  Our registrar has been dragging their feet WRT the .ca TLD but we
have numerous domains with them so moving simply to get a DS record would be a
heavy expense.

Cannot say what is causing the AOL issue mainly because I lack anything much
in the way of practical experience in the matter.

Got to go.


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
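
The signature-freshness question raised in the quoted message can be checked from the RRSIG line itself. The following is an added example, not part of the original thread: it parses the quoted RRSIG record and reports whether a validator's clock falls inside the inception/expiration window. The function names and the `skew` tolerance parameter are hypothetical, and the check times in the comments are constructed.

```python
from datetime import datetime, timedelta, timezone

# RRSIG line as quoted in the message above (signature bits elided there too).
RRSIG_LINE = ("harte-lyne.ca. RRSIG MX 8 2 172800 20150118062039 "
              "20141219062039 1410 harte-lyne.ca. <sig-bits>")

def parse_ts(text):
    """Parse the YYYYMMDDHHmmSS presentation form of an RRSIG timestamp (UTC)."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(line):
    """Extract the fixed RRSIG fields from a dig-style presentation line."""
    fields = line.split()
    i = fields.index("RRSIG")
    covered, alg, labels, ttl, expiration, inception, tag, signer = fields[i + 1:i + 9]
    return {
        "type_covered": covered,
        "algorithm": int(alg),
        "labels": int(labels),
        "original_ttl": int(ttl),
        "expiration": parse_ts(expiration),   # expiration precedes inception
        "inception": parse_ts(inception),
        "key_tag": int(tag),
        "signer": signer,
    }

def lifetime(sig):
    """Total validity period the signer chose."""
    return sig["expiration"] - sig["inception"]

def validity_at(sig, now, skew=timedelta(0)):
    """Classify the signature as seen by a validator whose clock reads `now`.

    `skew` is a hypothetical tolerance a validator might allow on both ends.
    """
    if now + skew < sig["inception"]:
        return "not-yet-valid"   # validator clock is behind the signing time
    if now - skew > sig["expiration"]:
        return "expired"
    return "valid"

if __name__ == "__main__":
    sig = parse_rrsig(RRSIG_LINE)
    print("lifetime:", lifetime(sig))
    # Constructed check time: 20 minutes before the signature's inception.
    early = datetime(2014, 12, 19, 6, 0, 0, tzinfo=timezone.utc)
    print("at", early, "->", validity_at(sig, early))
    print("with 1h skew ->", validity_at(sig, early, timedelta(hours=1)))
```

A freshly re-signed RRset is only a problem for a validator whose clock is behind the inception time, which is the "not-yet-valid" case shown here.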
