I see it as broken at home on my validating BIND instance (I get SERVFAIL).
Interesting (at least to me) - checking 8.8.8.8 and 1.1.1.1 I get A records back just fine. However no ‘ad’ flag (using dig). Other DNSSEC signed zones still give ad off quad-8/quad-1 though. So perhaps a dumb question - could Google and Cloudflare be hitting some kind of “manual overrride” to not validate a given zone - i.e. human intervention / look the other way ? Or is there a more technical explanation that I could be missing ? _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
