Nov 29 – 30, 2021
UTC timezone
OARC 36 Day 1 - begins 14:00 UTC Today 29 November

Lightning Talk: NSEC breakage survey

Nov 30, 2021, 2:55 PM
Lightning Talk Online Workshop OARC 36 Day 2


Petr Špaček (Internet Systems Consortium (ISC))


Some DNS authoritative servers provide incorrect proofs of non-existence which correctly DNSSEC-validate but deny existence of data which actually do exist in the zone. Consequently, this causes silent resolution failures on resolvers which implement aggressive use of DNSSEC-validated cache (RFC 8198).

This talk aims to provide very short glimpse to where the breakage can be found in wild on the Internet.

Primary author

Petr Špaček (Internet Systems Consortium (ISC))

Presentation materials