Was looking into issues with DNS/resolving issues for a domain hosted with Network Solutions, LLC (`worldnic.com` nameservers).
Seems like I've stepped into a sh•t hole full of incompetence with that provider. 😳
I've seen DNSSEC bogus responses, missing RRSIGs, superfluous DNSKEYs in responses, invalid negative responses causing false negative cache entries... #dnssec
And yet this is a huge domain hosting provider.
> 4th largest .com domain name registrar [August 2018, Wikipedia]
Jeez. Why.
This is going on for *years*. It's their f••••••g primary product feature: hosting domains. And they can't do that. SMH.
Common symptom: you can't verify your domain when lookups are DNSSEC-validated, e.g. with Let's Encrypt.
Good lord, this #dnssec issue still exists with the ignorant #networksolutions broken hosting.
How on earth are they still in business? 😒
The only option appears to be to let customers disable DNSSEC. :facepalm:
@gertvdijk
Regarding the question of why they are still a major registrar, I suspect this is closely linked to the history of the original gTLDs (including com).
Network Solutions was the registry operator in the early days as well as the sole registrar! Only later the model was changed to allow competition through multiple registrars.
Ie, I think you are largely just observing the effects of inertia in that regard...
@hlindqvist Yeah, I guess. Hysterical raisins strike again.
It's unfortunate that DNSSEC is still not common in the US and domain owners are complaining we block them or we have issues on our recursors. 😒
Gert van Dijk
Håkan Lindqvist