DANE broken @ addons.mozilla.org?

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Oct 13 22:19:55 CEST 2015

On Tue, Oct 13, 2015 at 08:02:35PM +0000, Viktor Dukhovni wrote:

> On Tue, Oct 13, 2015 at 09:42:37PM +0200, Andreas Pothe wrote:
> > Can you confirm that addons.mozilla.org has a broken DANE entry?
> No, not DANE, in fact no TLSA records published).  Rather, they
> have DNS nameserver issues:
>     http://dnsviz.net/d/_443._tcp.addons.mozilla.net/dnssec/
> The akamai nameservers are returning non-authoritative NXDOMAIN
> responses with no SOA record!  The responses should be authoritative
> and have an SOA.

Mind you, the above is generally tolerated.  The other issue reported
by dnsviz is that one of the servers may have and EDNS0 UDP MTU


More information about the dane-users mailing list