It's not the only reason. There are also delegations to inaccessible DNS servers for internal-only zones.
-
-
Ah, gotcha. This makes perfect sense, thanks!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Two types of busted DNS: 1. CAA intolerance: DNS server drops CAA queries or replies with SERVFAIL or NOTIMP instead of a successful empty response. TXT record would solve this. 2. http://internal.example.com 's NS server is e.g. 10.1.1.10. TXT record wouldn't fix.
-
Currently, the BRs require fail close if the zone is DNSSEC-signed. This has been a huge fiasco, because no off-the-shelf DNS resolver makes it easy to tell if a zone is DNSSEC-signed. CAs came up with a variety of creative solutions.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.