28 Sep
2007
28 Sep
'07
1:45 p.m.
yes... lessons learned. thanks once again - we would be not aware of this ns @ ripe... Andrzej Bartosiewicz tel: +48 22 380 8395 tel: +1 (310) 817 6567 ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa skype: abartosiewicz On Fri, 28 Sep 2007, Jaap Akkerhuis wrote:
this domain is signed, ALL servers respond with DNSSEC data EXCEPT the RIPE server which do not support DNSSEC....
so if you resolve domains from 8.4.e164.arpa zone using RIPE server, you can't get DNSSEC enabled answers.
we will remove ns.ripe.net and the problem will be solved today.
Ah, I might have hit that one, I just only tried it once. But there is at least one lesson in this: you make sure al servers support DNSSEC when you roll it out.
jaap