Stéphane Bortzmeyer on Nostr: Analysis of existing CDS/CDNSKEY records in the wild. They are sometimes broken, ...
Analysis of existing CDS/CDNSKEY records in the wild. They are sometimes broken, sometimes in funny ways (authortative name servers not returning the samed CDS...)
Why would a domain in .com publish a CDS (.com does not handle CDS) and a broken one (does not match the keys)?
#DNS #DNSSEC #IETF119
Published at
2024-03-22 06:20:35Event JSON
{
"id": "8171ea01435b7bb2e683aa26de7e59c28376305d383f158a4e79564b230d6e01",
"pubkey": "81e31d02b3d0b97ae960104572e2d79bf26e647a4d82afef56ce2395055364ff",
"created_at": 1711088435,
"kind": 1,
"tags": [
[
"e",
"44590b925d0f3070064e6d940905df4d9ada280331e00144033846ac78b2887c",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"dns"
],
[
"t",
"dnssec"
],
[
"t",
"ietf119"
],
[
"proxy",
"https://mastodon.gougere.fr/users/bortzmeyer/statuses/112137891702159881",
"activitypub"
]
],
"content": "Analysis of existing CDS/CDNSKEY records in the wild. They are sometimes broken, sometimes in funny ways (authortative name servers not returning the samed CDS...)\n\nWhy would a domain in .com publish a CDS (.com does not handle CDS) and a broken one (does not match the keys)?\n \n#DNS #DNSSEC #IETF119",
"sig": "217566904f3f6c2b33cc8a0e03163509688fffd832a3312ca31c71d556d06ec1a31be3a3d20d0636bea2f08c7ef22bfe4ee03b47d472ea686357a41700a32712"
}
