13 Oct 2015, 10:19 p.m.
On Tue, Oct 13, 2015 at 08:02:35PM +0000, Viktor Dukhovni wrote:
On Tue, Oct 13, 2015 at 09:42:37PM +0200, Andreas Pothe wrote:
Can you confirm that addons.mozilla.org has a broken DANE entry?
No, not DANE (in fact no TLSA records published). Rather, they have DNS nameserver issues:
http://dnsviz.net/d/_443._tcp.addons.mozilla.net/dnssec/
The Akamai nameservers are returning non-authoritative NXDOMAIN responses with no SOA record! The responses should be authoritative and have an SOA.
Mind you, the above is generally tolerated. The other issue reported by dnsviz is that one of the servers may have an EDNS0 UDP MTU issue.
--
Viktor.
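
The check described in the message above, as an added example that is not part of the original post: it parses a raw DNS response and reports whether an NXDOMAIN answer is missing the AA flag or an SOA record in the authority section. The function names, the `example` domain and both sample messages are constructed for illustration.

```python
import struct

TYPE_SOA, TYPE_TLSA, RCODE_NXDOMAIN = 6, 52, 3
QR, AA = 0x8000, 0x0400          # header flag bits: response, authoritative answer

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def check_nxdomain(msg):
    """List what is wrong with an NXDOMAIN response; empty list if well-formed."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F != RCODE_NXDOMAIN:
        return ["not an NXDOMAIN response"]
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    has_soa = False
    for i in range(an + ns):                   # answer records, then authority
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if i >= an and rtype == TYPE_SOA:
            has_soa = True
        off += 10 + rdlen
    problems = []
    if not flags & AA:
        problems.append("AA flag not set")
    if not has_soa:
        problems.append("no SOA in authority section")
    return problems

# --- constructed sample messages (not captured traffic) ---
def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def build(flags, authority=b"", nscount=0):
    question = name("_443._tcp.addons.example") + struct.pack("!HH", TYPE_TLSA, 1)
    return struct.pack("!6H", 0x1234, flags, 1, 0, nscount, 0) + question + authority

rdata = name("ns.example") + name("hostmaster.example") + struct.pack("!5I", 1, 3600, 600, 86400, 300)
soa_rr = name("example") + struct.pack("!HHIH", TYPE_SOA, 1, 300, len(rdata)) + rdata
BROKEN = build(QR | RCODE_NXDOMAIN)                 # no AA, empty authority
GOOD = build(QR | AA | RCODE_NXDOMAIN, soa_rr, 1)   # authoritative, SOA present
```
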