DANE broken @ addons.mozilla.org?

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Oct 13 22:19:55 CEST 2015


On Tue, Oct 13, 2015 at 08:02:35PM +0000, Viktor Dukhovni wrote:

> On Tue, Oct 13, 2015 at 09:42:37PM +0200, Andreas Pothe wrote:
> 
> > Can you confirm that addons.mozilla.org has a broken DANE entry?
> 
> No, not DANE, in fact no TLSA records published).  Rather, they
> have DNS nameserver issues:
> 
>     http://dnsviz.net/d/_443._tcp.addons.mozilla.net/dnssec/
> 
> The akamai nameservers are returning non-authoritative NXDOMAIN
> responses with no SOA record!  The responses should be authoritative
> and have an SOA.

Mind you, the above is generally tolerated.  The other issue reported
by dnsviz is that one of the servers may have and EDNS0 UDP MTU
issue.

-- 
	Viktor.


More information about the dane-users mailing list