Reviewing DNS logs and noticed that `vuxml.freebsd.org` fails DNSSEC validation but `matrix-dev.freebsd.org` passes.

Can anyone else confirm or is my software buggy?

#FreeBSD #DNSSEC

@BastilleBSD seems good, from here: https://dnsviz.net/d/vuxml.freebsd.org/dnssec/ (just a protocol error)
But the final destination web.geo.freebsd.org is not secure.

@BastilleBSD DNSViz is your friend:

matrix-dev subdomain is in the same freebsd.org zone, but vuxml is a CNAME to a name in geo.freebsd.org which is not secured:

I could also confirm this over dns.google: only matrix-dev has AD flag set and returned RRSIGs.

In any case freebsd.org does not respond on UDP as it should.
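
The AD-flag and RRSIG check described in the reply above can be scripted. This is an added example, not part of the thread and not the poster's software: it walks the CNAME chain in a DoH JSON answer and reports the first owner name that arrives without an RRSIG. The sample responses are constructed, modelled on the shape of dns.google JSON answers requested with DNSSEC records, and use placeholder names under example.org.

```python
import json

CNAME, RRSIG = 5, 46  # DNS RR type numbers

# Constructed samples: placeholder names, filler signature data.
SIGNED = json.loads("""{"Status":0,"AD":true,"Answer":[
 {"name":"host.example.org.","type":1,"TTL":300,"data":"192.0.2.10"},
 {"name":"host.example.org.","type":46,"TTL":300,
  "data":"a 13 2 300 0 0 1 example.org. AAAA"}]}""")
UNSIGNED_TARGET = json.loads("""{"Status":0,"AD":false,"Answer":[
 {"name":"alias.example.org.","type":5,"TTL":300,"data":"web.geo.example.org."},
 {"name":"alias.example.org.","type":46,"TTL":300,
  "data":"cname 13 2 300 0 0 1 example.org. AAAA"},
 {"name":"web.geo.example.org.","type":1,"TTL":60,"data":"192.0.2.20"}]}""")


def norm(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def chain_report(resp, qname):
    """Follow CNAMEs from qname and note which owner names carry an RRSIG.

    Assumption: an RRSIG at the same owner name counts as "signed"; the
    covered type inside the RRSIG data is not parsed or verified here.
    """
    answers = resp.get("Answer", [])
    signed = {norm(rr["name"]) for rr in answers if rr["type"] == RRSIG}
    cname = {norm(rr["name"]): norm(rr["data"])
             for rr in answers if rr["type"] == CNAME}
    chain, seen, name = [], set(), norm(qname)
    while name not in seen:          # the seen-set stops CNAME loops
        seen.add(name)
        chain.append((name, name in signed))
        if name not in cname:
            break
        name = cname[name]
    unsigned = [n for n, ok in chain if not ok]
    return {"ad": bool(resp.get("AD")),
            "chain": chain,
            "first_unsigned": unsigned[0] if unsigned else None}


if __name__ == "__main__":
    for label, resp, q in (("signed", SIGNED, "host.example.org"),
                           ("cname", UNSIGNED_TARGET, "alias.example.org")):
        print(label, chain_report(resp, q))
```

A validating resolver sets AD only when every RRset in the answer is authenticated, so one unsigned link at the end of a CNAME chain clears the flag for the whole response even though the alias itself is signed.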


@BastilleBSD btw which software are you using for monitoring? Looks pretty nice

@i The screenshot is from some custom software that I haven't yet released.

It's a custom zero-trust DNS-to-DoH caching forwarder with DNSSEC validation, domain and IP filtering and a bunch of other goodies. Written in Rust.

@BastilleBSD Sounds very interesting! Looking forward to a public release