Skip to content

nic.mx fails to validate (on current master)

DNSSEC data seems OK, according to other resolvers and http://dnsviz.net/d/nic.mx/dnssec/

[resl]   => querying: '200.23.1.1' score: 10 zone cut: 'mx.' m12n: 'nIC.Mx.' type: 'A' proto: 'udp'
[iter]   <= using glue for 'i.mx-ns.mx.': '207.248.68.1'
[iter]   <= using glue for 'x.mx-ns.mx.': '201.131.252.1'
[iter]   <= using glue for 'e.mx-ns.mx.': '189.201.244.1'
[iter]   <= using glue for 'o.mx-ns.mx.': '200.23.1.1'
[iter]   <= using glue for 'c.mx-ns.mx.': '192.100.224.1'
[iter]   <= using glue for 'c.mx-ns.mx.': '2001:1258::1'
[iter]   <= using glue for 'm.mx-ns.mx.': '200.94.176.1'
[iter]   <= using glue for 'm.mx-ns.mx.': '2001:13c7:7000::1'
[iter]   <= referral response, follow
[vldr]   <= couldn't validate RRSIGs

It tries to validate even though the delegation is insecure. The query for nic.mx. DS +dnssec is correctly validated as NODATA, but interestingly the AD flag is not set in this case.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information