On Mon, Apr 29, 2024 at 5:13 PM Mark Andrews wrote:
>
> I prefer to only name and shame when I’m 100% sure of the target.

I was only trying to understand why I was getting a SERVFAIL, there was no intention to name & shame.

Regards,
Lee

"name & shame" was not my intent.

>
> --
> Mark Andrews
>
> > On 30 Apr 2024, at 06:56, Lee <ler...@gmail.com> wrote:
> >
> > On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
> >>
> >> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that
> >> it serves .com rather than dnssec-analyzer-gslb.verisignlabs.com which is
> >> actually delegated to it.
> >>
> >> % dig dnssec-analyzer-gslb.verisignlabs.com aaaa +trace +all
> >> ;; BADCOOKIE, retrying.
> >>
> >> ; <<>> DiG 9.19.24-dev <<>> dnssec-analyzer-gslb.verisignlabs.com aaaa
> >> +trace +all
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37498
> >> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 27
> >
> > <.. snip lots ..>
> >
> >> ;; AUTHORITY SECTION:
> >> com. 60 IN SOA this.name.is.invalid. hostmaster.this.name.is.invalid.
> >> 2023030710 10800 3600 604800 60
> >
> > I did a search for "this.name.is.invalid" and the only results I got
> > were for F5 support pages - eg.
> > The fix in BIG-IP DNS 14.1.0 introduces a new setting,
> > wideip-zone-nameserver, which defaults the WideIP zone nameserver to
> > this.name.is.invalid.
> >
> > Wouldn't a badly configured F5 server be a better explanation?
> >
> > Thanks
> > Lee
>

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
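The mismatch described in the quoted message (an authority-section SOA owned by `com.` from a server to which only `dnssec-analyzer-gslb.verisignlabs.com` is delegated) can be checked mechanically when triaging a SERVFAIL. This is an added example, not part of the thread and not BIND code; the function names are hypothetical, the first sample line is the SOA from the quoted dig output with its wrapped line rejoined, and the second is constructed.

```python
"""Flag negative answers whose SOA owner lies outside the delegated zone."""

def labels(name):
    """Lower-cased label list for a presentation-format name; root is []."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []

def is_at_or_below(name, zone):
    """True when `name` equals `zone` or is a subdomain of it."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def soa_owners(authority_text):
    """Owner names of SOA records in dig-style authority section text."""
    owners = []
    for line in authority_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # dig comment and section-header lines
        fields = line.split()
        # dig prints: owner TTL class type rdata...
        if len(fields) >= 4 and fields[3].upper() == "SOA":
            owners.append(fields[0])
    return owners

def check_negative_answer(delegated_zone, qname, authority_text):
    """Return a list of findings; an empty list means the SOA owner is plausible."""
    findings = []
    for owner in soa_owners(authority_text):
        if not is_at_or_below(qname, owner):
            findings.append(f"SOA owner {owner} is not an ancestor of {qname}")
        elif not is_at_or_below(owner, delegated_zone):
            findings.append(
                f"SOA owner {owner} is above the delegation point {delegated_zone}")
    return findings

DELEGATED = "dnssec-analyzer-gslb.verisignlabs.com."
# SOA line from the dig output quoted in the thread (wrapped line rejoined).
OBSERVED = ("com. 60 IN SOA this.name.is.invalid. "
            "hostmaster.this.name.is.invalid. 2023030710 10800 3600 604800 60")
# Constructed sample: what a consistent answer from that server could look like.
CONSISTENT = ("dnssec-analyzer-gslb.verisignlabs.com. 60 IN SOA ns.example. "
              "hostmaster.example. 1 10800 3600 604800 60")

if __name__ == "__main__":
    for text in (OBSERVED, CONSISTENT):
        print(check_negative_answer(DELEGATED, DELEGATED, text) or "ok")
```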