nic.mx fails to validate (on current master)

DNSSEC data seems OK, according to other resolvers and http://dnsviz.net/d/nic.mx/dnssec/

[resl]   => querying: '200.23.1.1' score: 10 zone cut: 'mx.' m12n: 'nIC.Mx.' type: 'A' proto: 'udp'
[iter]   <= using glue for 'i.mx-ns.mx.': '207.248.68.1'
[iter]   <= using glue for 'x.mx-ns.mx.': '201.131.252.1'
[iter]   <= using glue for 'e.mx-ns.mx.': '189.201.244.1'
[iter]   <= using glue for 'o.mx-ns.mx.': '200.23.1.1'
[iter]   <= using glue for 'c.mx-ns.mx.': '192.100.224.1'
[iter]   <= using glue for 'c.mx-ns.mx.': '2001:1258::1'
[iter]   <= using glue for 'm.mx-ns.mx.': '200.94.176.1'
[iter]   <= using glue for 'm.mx-ns.mx.': '2001:13c7:7000::1'
[iter]   <= referral response, follow
[vldr]   <= couldn't validate RRSIGs

It tries to validate even though the delegation is insecure. The query for nic.mx. DS +dnssec is correctly validated as NODATA, but interestingly the AD flag is not set in this case.

nic.uk seems the very same case. I think it happens on a zone cut where both zones are served by the same servers, and the upper zone is signed and lower zone unsigned. That's probably a relatively uncommon combination.

changed milestone to %1.2.0 release

added ~457 label

But IN NS nic.uk still SERVFAILs:

$ dig +dnssec +time=60 +retry=1 -p 50762 @::1 IN NS nic.uk
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 21388
;; Flags: qr rd ra; QUERY: 1; ANSWER: 8; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused

;; QUESTION SECTION:
;; nic.uk.             		IN	NS

;; ANSWER SECTION:
nic.uk.             	172800	IN	NS	nsa.nic.uk.
nic.uk.             	172800	IN	NS	nsb.nic.uk.
nic.uk.             	172800	IN	NS	nsc.nic.uk.
nic.uk.             	172800	IN	NS	nsd.nic.uk.
nic.uk.             	172800	IN	NS	dns1.nic.uk.
nic.uk.             	172800	IN	NS	dns2.nic.uk.
nic.uk.             	172800	IN	NS	dns3.nic.uk.
nic.uk.             	172800	IN	NS	dns4.nic.uk.

;; Received 183 B
;; Time 2017-01-15 21:18:45 CET
;; From ::1@50762(UDP) in 443.0 ms

And the clean cache log:

[    0][plan] plan 'nic.uk.' type 'NS'
[48317][iter]   'nic.uk.' type 'NS' id was assigned, parent id 0
[48317][plan]   plan 'm.root-servers.net.' type 'AAAA'
[39532][iter]     'm.root-servers.net.' type 'AAAA' id was assigned, parent id 48317
[39532][resl]     >< TA: '.'
[39532][resl]     => querying: '2001:500:9f::42' score: 10 zone cut: '.' m12n: 'NeT.' type: 'NS' proto: 'udp'
[39532][iter]     <= using glue for 'a.gtld-servers.net.': '192.5.6.30'
[39532][iter]     <= using glue for 'a.gtld-servers.net.': '2001:503:a83e::2:30'
[39532][iter]     <= using glue for 'b.gtld-servers.net.': '192.33.14.30'
[39532][iter]     <= using glue for 'b.gtld-servers.net.': '2001:503:231d::2:30'
[39532][iter]     <= using glue for 'c.gtld-servers.net.': '192.26.92.30'
[39532][iter]     <= using glue for 'd.gtld-servers.net.': '192.31.80.30'
[39532][iter]     <= using glue for 'e.gtld-servers.net.': '192.12.94.30'
[39532][iter]     <= using glue for 'f.gtld-servers.net.': '192.35.51.30'
[39532][iter]     <= using glue for 'g.gtld-servers.net.': '192.42.93.30'
[39532][iter]     <= using glue for 'h.gtld-servers.net.': '192.54.112.30'
[39532][iter]     <= using glue for 'i.gtld-servers.net.': '192.43.172.30'
[39532][iter]     <= using glue for 'j.gtld-servers.net.': '192.48.79.30'
[39532][iter]     <= using glue for 'k.gtld-servers.net.': '192.52.178.30'
[39532][iter]     <= using glue for 'l.gtld-servers.net.': '192.41.162.30'
[39532][iter]     <= using glue for 'm.gtld-servers.net.': '192.55.83.30'
[39532][iter]     <= referral response, follow
[39532][vldr]     <= DS: OK
[39532][vldr]     <= answer valid, OK
[39532][resl]     <= server: '2001:500:9f::42' rtt: 11 ms
[34030][iter]     'm.root-servers.net.' type 'AAAA' id was assigned, parent id 48317
[34030][plan]     plan 'net.' type 'DNSKEY'
[ 6438][iter]       'net.' type 'DNSKEY' id was assigned, parent id 34030
[ 6438][resl]       => querying: '192.55.83.30' score: 10 zone cut: 'net.' m12n: 'nEt.' type: 'DNSKEY' proto: 'udp'
[ 6438][iter]       <= rcode: NOERROR
[ 6438][vldr]       <= parent: updating DNSKEY
[ 6438][vldr]       <= answer valid, OK
[ 6438][resl]       <= server: '192.55.83.30' rtt: 65 ms
[25019][iter]     'm.root-servers.net.' type 'AAAA' id was assigned, parent id 48317
[25019][resl]     => querying: '192.41.162.30' score: 10 zone cut: 'net.' m12n: 'roOT-seRvERS.Net.' type: 'NS' proto: 'udp'
[25019][iter]     <= using glue for 'a.root-servers.net.': '198.41.0.4'
[25019][iter]     <= using glue for 'a.root-servers.net.': '2001:503:ba3e::2:30'
[25019][iter]     <= using glue for 'h.root-servers.net.': '198.97.190.53'
[25019][iter]     <= using glue for 'h.root-servers.net.': '2001:500:1::53'
[25019][iter]     <= using glue for 'c.root-servers.net.': '192.33.4.12'
[25019][iter]     <= using glue for 'c.root-servers.net.': '2001:500:2::c'
[25019][iter]     <= using glue for 'g.root-servers.net.': '192.112.36.4'
[25019][iter]     <= using glue for 'f.root-servers.net.': '192.5.5.241'
[25019][iter]     <= using glue for 'f.root-servers.net.': '2001:500:2f::f'
[25019][iter]     <= using glue for 'b.root-servers.net.': '192.228.79.201'
[25019][iter]     <= using glue for 'b.root-servers.net.': '2001:500:84::b'
[25019][iter]     <= using glue for 'j.root-servers.net.': '192.58.128.30'
[25019][iter]     <= using glue for 'j.root-servers.net.': '2001:503:c27::2:30'
[25019][iter]     <= using glue for 'k.root-servers.net.': '193.0.14.129'
[25019][iter]     <= using glue for 'k.root-servers.net.': '2001:7fd::1'
[25019][iter]     <= using glue for 'l.root-servers.net.': '199.7.83.42'
[25019][iter]     <= using glue for 'l.root-servers.net.': '2001:500:9f::42'
[25019][iter]     <= using glue for 'm.root-servers.net.': '2001:dc3::35'
[25019][iter]     <= using glue for 'm.root-servers.net.': '202.12.27.33'
[25019][iter]     <= using glue for 'i.root-servers.net.': '192.36.148.17'
[25019][iter]     <= using glue for 'i.root-servers.net.': '2001:7fe::53'
[25019][iter]     <= using glue for 'e.root-servers.net.': '192.203.230.10'
[25019][iter]     <= using glue for 'd.root-servers.net.': '199.7.91.13'
[25019][iter]     <= using glue for 'd.root-servers.net.': '2001:500:2d::d'
[25019][iter]     <= referral response, follow
[25019][vldr]     <= DS doesn't exist, going insecure
[25019][vldr]     <= parent: updating DS
[25019][vldr]     <= answer valid, OK
[25019][resl]     <= server: '192.41.162.30' rtt: 187 ms
[56079][iter]     'm.root-servers.net.' type 'AAAA' id was assigned, parent id 48317
[56079][resl]     => querying: '2001:7fd::1' score: 10 zone cut: 'root-servers.net.' m12n: 'M.rOot-seRvers.NET.' type: 'AAAA' proto: 'udp'
[56079][iter]     <= using glue for 'a.root-servers.net.': '2001:503:ba3e::2:30'
[56079][iter]     <= using glue for 'a.root-servers.net.': '198.41.0.4'
[56079][iter]     <= using glue for 'b.root-servers.net.': '2001:500:84::b'
[56079][iter]     <= using glue for 'b.root-servers.net.': '192.228.79.201'
[56079][iter]     <= using glue for 'c.root-servers.net.': '2001:500:2::c'
[56079][iter]     <= using glue for 'c.root-servers.net.': '192.33.4.12'
[56079][iter]     <= using glue for 'd.root-servers.net.': '2001:500:2d::d'
[56079][iter]     <= using glue for 'd.root-servers.net.': '199.7.91.13'
[56079][iter]     <= using glue for 'e.root-servers.net.': '2001:500:a8::e'
[56079][iter]     <= using glue for 'e.root-servers.net.': '192.203.230.10'
[56079][iter]     <= using glue for 'f.root-servers.net.': '2001:500:2f::f'
[56079][iter]     <= using glue for 'f.root-servers.net.': '192.5.5.241'
[56079][iter]     <= using glue for 'g.root-servers.net.': '2001:500:12::d0d'
[56079][iter]     <= using glue for 'g.root-servers.net.': '192.112.36.4'
[56079][iter]     <= using glue for 'h.root-servers.net.': '2001:500:1::53'
[56079][iter]     <= using glue for 'h.root-servers.net.': '198.97.190.53'
[56079][iter]     <= using glue for 'i.root-servers.net.': '2001:7fe::53'
[56079][iter]     <= using glue for 'i.root-servers.net.': '192.36.148.17'
[56079][iter]     <= using glue for 'j.root-servers.net.': '2001:503:c27::2:30'
[56079][iter]     <= using glue for 'j.root-servers.net.': '192.58.128.30'
[56079][iter]     <= using glue for 'k.root-servers.net.': '2001:7fd::1'
[56079][iter]     <= using glue for 'k.root-servers.net.': '193.0.14.129'
[56079][iter]     <= using glue for 'l.root-servers.net.': '2001:500:9f::42'
[56079][iter]     <= using glue for 'l.root-servers.net.': '199.7.83.42'
[56079][iter]     <= using glue for 'm.root-servers.net.': '2001:dc3::35'
[56079][iter]     <= using glue for 'm.root-servers.net.': '202.12.27.33'
[56079][iter]     <= rcode: NOERROR
[56079][resl]     <= server: '2001:7fd::1' rtt: 36 ms
[60798][iter]   'nic.uk.' type 'NS' id was assigned, parent id 0
[60798][resl]   => querying: '2001:dc3::35' score: 31 zone cut: '.' m12n: 'uk.' type: 'NS' proto: 'udp'
[60798][iter]   <= using glue for 'dns2.nic.uk.': '103.49.80.1'
[60798][iter]   <= using glue for 'dns2.nic.uk.': '2401:fd80:400::1'
[60798][iter]   <= using glue for 'nsd.nic.uk.': '156.154.103.3'
[60798][iter]   <= using glue for 'dns4.nic.uk.': '43.230.48.1'
[60798][iter]   <= using glue for 'dns4.nic.uk.': '2401:fd80:404::1'
[60798][iter]   <= using glue for 'nsc.nic.uk.': '156.154.102.3'
[60798][iter]   <= using glue for 'dns3.nic.uk.': '213.248.220.1'
[60798][iter]   <= using glue for 'dns3.nic.uk.': '2a01:618:404::1'
[60798][iter]   <= using glue for 'nsa.nic.uk.': '156.154.100.3'
[60798][iter]   <= using glue for 'nsa.nic.uk.': '2001:502:ad09::3'
[60798][iter]   <= using glue for 'nsb.nic.uk.': '156.154.101.3'
[60798][iter]   <= using glue for 'dns1.nic.uk.': '213.248.216.1'
[60798][iter]   <= using glue for 'dns1.nic.uk.': '2a01:618:400::1'
[60798][iter]   <= referral response, follow
[60798][vldr]   <= DS: OK
[60798][vldr]   <= answer valid, OK
[60798][resl]   <= server: '2001:dc3::35' rtt: 31 ms
[20882][iter]   'nic.uk.' type 'NS' id was assigned, parent id 0
[20882][plan]   plan 'uk.' type 'DNSKEY'
[26694][iter]     'uk.' type 'DNSKEY' id was assigned, parent id 20882
[26694][resl]     => querying: '2401:fd80:404::1' score: 10 zone cut: 'uk.' m12n: 'uK.' type: 'DNSKEY' proto: 'udp'
[26694][iter]     <= rcode: NOERROR
[26694][vldr]     <= parent: updating DNSKEY
[26694][vldr]     <= answer valid, OK
[26694][resl]     <= server: '2401:fd80:404::1' rtt: 54 ms
[62507][iter]   'nic.uk.' type 'NS' id was assigned, parent id 0
[62507][resl]   => querying: '43.230.48.1' score: 10 zone cut: 'uk.' m12n: 'nIc.Uk.' type: 'NS' proto: 'udp'
[62507][iter]   <= rcode: NOERROR
[62507][vldr]   >< cut changed, needs revalidation
[62507][resl]   <= server: '43.230.48.1' rtt: 55 ms
[62507][resl]   => resuming yielded answer
[    0][resl] finished: 8, queries: 3, mempool: 65600 B

mentioned in merge request !140 (merged)

www.nic.mx still SERVFAILs:

$ dig +dnssec +multi +time=60 +retry=1 -p 33172 @::1 IN A www.nic.mx
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 44943
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; www.nic.mx.         	 IN A

;; Received 28 B
;; Time 2017-01-16 13:55:08 CET
;; From ::1@33172(UDP) in 1042.5 ms

and clean cache log:

[    0][plan] plan 'www.nic.mx.' type 'A'
[37813][iter]   'www.nic.mx.' type 'A' id was assigned, parent id 0
[37813][resl]   => using root hints
[24085][iter]   'www.nic.mx.' type 'A' id was assigned, parent id 0
[24085][plan]   plan '.' type 'DNSKEY'
[36997][iter]     '.' type 'DNSKEY' id was assigned, parent id 24085
[36997][resl]     => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[36997][iter]     <= rcode: NOERROR
[36997][vldr]     <= parent: updating DNSKEY
[36997][vldr]     <= answer valid, OK
[36997][resl]     <= server: '2001:dc3::35' rtt: 18 ms
[22594][iter]   'www.nic.mx.' type 'A' id was assigned, parent id 0
[22594][resl]   => querying: '2001:500:9f::42' score: 10 zone cut: '.' m12n: 'MX.' type: 'NS' proto: 'udp'
[22594][iter]   <= using glue for 'c.mx-ns.mx.': '192.100.224.1'
[22594][iter]   <= using glue for 'c.mx-ns.mx.': '2001:1258::1'
[22594][iter]   <= using glue for 'e.mx-ns.mx.': '189.201.244.1'
[22594][iter]   <= using glue for 'i.mx-ns.mx.': '207.248.68.1'
[22594][iter]   <= using glue for 'm.mx-ns.mx.': '200.94.176.1'
[22594][iter]   <= using glue for 'm.mx-ns.mx.': '2001:13c7:7000::1'
[22594][iter]   <= using glue for 'o.mx-ns.mx.': '200.23.1.1'
[22594][iter]   <= using glue for 'x.mx-ns.mx.': '201.131.252.1'
[22594][iter]   <= referral response, follow
[22594][vldr]   <= DS: OK
[22594][vldr]   <= answer valid, OK
[22594][resl]   <= server: '2001:500:9f::42' rtt: 1 ms
[54630][iter]   'www.nic.mx.' type 'A' id was assigned, parent id 0
[54630][plan]   plan 'mx.' type 'DNSKEY'
[55471][iter]     'mx.' type 'DNSKEY' id was assigned, parent id 54630
[55471][resl]     => querying: '201.131.252.1' score: 10 zone cut: 'mx.' m12n: 'MX.' type: 'DNSKEY' proto: 'udp'
[55471][iter]     <= rcode: NOERROR
[55471][vldr]     <= parent: updating DNSKEY
[55471][vldr]     <= answer valid, OK
[55471][resl]     <= server: '201.131.252.1' rtt: 20 ms
[58383][iter]   'www.nic.mx.' type 'A' id was assigned, parent id 0
[58383][resl]   => querying: '200.23.1.1' score: 10 zone cut: 'mx.' m12n: 'nic.mX.' type: 'NS' proto: 'udp'
[58383][iter]   <= rcode: NOERROR
[58383][iter]   <= found cut, retrying with non-minimized name
[58383][resl]   <= server: '200.23.1.1' rtt: 137 ms
[  319][iter]   'www.nic.mx.' type 'A' id was assigned, parent id 0
[  319][resl]   => querying: '2001:13c7:7000::1' score: 10 zone cut: 'mx.' m12n: 'www.niC.MX.' type: 'A' proto: 'udp'
[  319][iter]   <= rcode: NOERROR
[  319][iter]   <= cname chain, following
[    0][plan] plan 'www.nicmexico.mx.' type 'A'
[  319][vldr]   >< cut changed, needs revalidation
[  319][resl]   <= server: '2001:13c7:7000::1' rtt: 137 ms
[41296][iter]   'www.nicmexico.mx.' type 'A' id was assigned, parent id 0
[25154][iter]   'www.nicmexico.mx.' type 'A' id was assigned, parent id 0
[25154][resl]   => querying: '200.94.176.1' score: 10 zone cut: 'mx.' m12n: 'NiCMExico.mx.' type: 'NS' proto: 'udp'
[25154][iter]   <= rcode: NOERROR
[25154][iter]   <= found cut, retrying with non-minimized name
[25154][resl]   <= server: '200.94.176.1' rtt: 165 ms
[41004][iter]   'www.nicmexico.mx.' type 'A' id was assigned, parent id 0
[41004][resl]   => querying: '2001:13c7:7000::1' score: 137 zone cut: 'mx.' m12n: 'www.nICMeXico.mX.' type: 'A' proto: 'udp'
[41004][iter]   <= using glue for 'm.mx-ns.mx.': '200.94.176.1'
[41004][iter]   <= using glue for 'm.mx-ns.mx.': '2001:13c7:7000::1'
[41004][iter]   <= using glue for 'c.mx-ns.mx.': '192.100.224.1'
[41004][iter]   <= using glue for 'c.mx-ns.mx.': '2001:1258::1'
[41004][iter]   <= using glue for 'o.mx-ns.mx.': '200.23.1.1'
[41004][iter]   <= using glue for 'x.mx-ns.mx.': '201.131.252.1'
[41004][iter]   <= using glue for 'i.mx-ns.mx.': '207.248.68.1'
[41004][iter]   <= using glue for 'e.mx-ns.mx.': '189.201.244.1'
[41004][iter]   <= referral response, follow
[41004][vldr]   >< cut changed, needs revalidation
[41004][resl]   <= server: '2001:13c7:7000::1' rtt: 138 ms
[41004][plan]   plan 'nicmexico.mx.' type 'DS'
[53163][iter]     'nicmexico.mx.' type 'DS' id was assigned, parent id 41004
[30866][iter]     'nicmexico.mx.' type 'DS' id was assigned, parent id 41004
[30866][resl]     => querying: '200.23.1.1' score: 137 zone cut: 'mx.' m12n: 'NiCmexICo.MX.' type: 'DS' proto: 'udp'
[30866][iter]     <= rcode: NOERROR
[30866][vldr]     <= DS: OK
[30866][vldr]     <= parent: updating DS
[30866][vldr]     <= answer valid, OK
[30866][resl]     <= server: '200.23.1.1' rtt: 137 ms
[41004][plan]   plan 'nicmexico.mx.' type 'DNSKEY'
[20916][iter]     'nicmexico.mx.' type 'DNSKEY' id was assigned, parent id 41004
[20916][resl]     => querying: '207.248.68.1' score: 10 zone cut: 'nicmexico.mx.' m12n: 'nIcmeXiCO.mx.' type: 'DNSKEY' proto: 'udp'
[20916][iter]     <= rcode: NOERROR
[20916][vldr]     <= parent: updating DNSKEY
[20916][vldr]     <= answer valid, OK
[20916][resl]     <= server: '207.248.68.1' rtt: 149 ms
[41004][resl]   => resuming yielded answer
[41004][vldr]   <= answer valid, OK
[43658][iter]   'www.nicmexico.mx.' type 'A' id was assigned, parent id 0
[43658][resl]   => querying: '200.23.1.1' score: 137 zone cut: 'nicmexico.mx.' m12n: 'wWW.nIcmEXiCO.MX.' type: 'A' proto: 'udp'
[43658][iter]   <= rcode: NOERROR
[43658][vldr]   <= answer valid, OK
[43658][resl]   <= server: '200.23.1.1' rtt: 136 ms
[  319][plan]   plan 'nicmexico.mx.' type 'DS'
[51492][iter]     'nicmexico.mx.' type 'DS' id was assigned, parent id 319
[51492][ rc ]     => satisfied from cache
[51492][iter]     <= rcode: NOERROR
[51492][vldr]     <= DS: OK
[51492][vldr]     <= parent: updating DS
[51492][vldr]     <= answer valid, OK
[  319][plan]   plan 'nicmexico.mx.' type 'DNSKEY'
[27896][iter]     'nicmexico.mx.' type 'DNSKEY' id was assigned, parent id 319
[27896][ rc ]     => satisfied from cache
[27896][iter]     <= rcode: NOERROR
[27896][vldr]     <= parent: updating DNSKEY
[27896][vldr]     <= answer valid, OK
[  319][resl]   => resuming yielded answer
[  319][vldr]   <= couldn't validate RRSIGs
[    0][resl] finished: 8, queries: 7, mempool: 65600 B

It seems that nic.mx is not signed, but www.nixmexico.mx is signed and all of those domains are distributed from the same set of namervers (mx., nic.mx., and nicmexico.mx.).

Even simpler case (IN CNAME www.nic.mx. query):

[    0][plan] plan 'www.nic.mx.' type 'CNAME'
[47494][iter]   'www.nic.mx.' type 'CNAME' id was assigned, parent id 0
[47494][resl]   => using root hints
[ 9333][iter]   'www.nic.mx.' type 'CNAME' id was assigned, parent id 0
[ 9333][plan]   plan '.' type 'DNSKEY'
[58708][iter]     '.' type 'DNSKEY' id was assigned, parent id 9333
[58708][resl]     => querying: '2001:dc3::35' score: 10 zone cut: '.' m12n: '.' type: 'DNSKEY' proto: 'udp'
[58708][iter]     <= rcode: NOERROR
[58708][vldr]     <= parent: updating DNSKEY
[58708][vldr]     <= answer valid, OK
[58708][resl]     <= server: '2001:dc3::35' rtt: 18 ms
[52908][iter]   'www.nic.mx.' type 'CNAME' id was assigned, parent id 0
[52908][resl]   => querying: '2001:500:9f::42' score: 10 zone cut: '.' m12n: 'Mx.' type: 'NS' proto: 'udp'
[52908][iter]   <= using glue for 'c.mx-ns.mx.': '192.100.224.1'
[52908][iter]   <= using glue for 'c.mx-ns.mx.': '2001:1258::1'
[52908][iter]   <= using glue for 'e.mx-ns.mx.': '189.201.244.1'
[52908][iter]   <= using glue for 'i.mx-ns.mx.': '207.248.68.1'
[52908][iter]   <= using glue for 'm.mx-ns.mx.': '200.94.176.1'
[52908][iter]   <= using glue for 'm.mx-ns.mx.': '2001:13c7:7000::1'
[52908][iter]   <= using glue for 'o.mx-ns.mx.': '200.23.1.1'
[52908][iter]   <= using glue for 'x.mx-ns.mx.': '201.131.252.1'
[52908][iter]   <= referral response, follow
[52908][vldr]   <= DS: OK
[52908][vldr]   <= answer valid, OK
[52908][resl]   <= server: '2001:500:9f::42' rtt: 1 ms
[46221][iter]   'www.nic.mx.' type 'CNAME' id was assigned, parent id 0
[46221][plan]   plan 'mx.' type 'DNSKEY'
[50962][iter]     'mx.' type 'DNSKEY' id was assigned, parent id 46221
[50962][resl]     => querying: '201.131.252.1' score: 10 zone cut: 'mx.' m12n: 'mx.' type: 'DNSKEY' proto: 'udp'
[50962][iter]     <= rcode: NOERROR
[50962][vldr]     <= parent: updating DNSKEY
[50962][vldr]     <= answer valid, OK
[50962][resl]     <= server: '201.131.252.1' rtt: 19 ms
[12743][iter]   'www.nic.mx.' type 'CNAME' id was assigned, parent id 0
[12743][resl]   => querying: '200.23.1.1' score: 10 zone cut: 'mx.' m12n: 'NIC.mx.' type: 'NS' proto: 'udp'
[12743][iter]   <= rcode: NOERROR
[12743][iter]   <= found cut, retrying with non-minimized name
[12743][resl]   <= server: '200.23.1.1' rtt: 137 ms
[ 8066][iter]   'www.nic.mx.' type 'CNAME' id was assigned, parent id 0
[ 8066][resl]   => querying: '2001:13c7:7000::1' score: 10 zone cut: 'mx.' m12n: 'WWW.NIC.mx.' type: 'CNAME' proto: 'udp'
[ 8066][iter]   <= rcode: NOERROR
[ 8066][vldr]   >< cut changed, needs revalidation
[ 8066][resl]   <= server: '2001:13c7:7000::1' rtt: 137 ms
[ 8066][resl]   => resuming yielded answer
[    0][resl] finished: 8, queries: 2, mempool: 49200 B

closed via commit 824a7b3b

closed via merge request !140 (merged)

mentioned in commit 824a7b3b