Bug 272521

Summary: geo.freebsd.org: no DS RR
Product: Services
Reporter: (intentionally left blank) <throwaway_vthgwq4>
Component: FTP/WWW Sites & Mirrors
Assignee: FreeBSD Mirror Admin <mirror-admin>
Status: Closed Works As Intended
Severity: Affects Some People
CC: philip
Priority: ---
Version: unspecified
Hardware: Any
OS: Any

Description (intentionally left blank) 2023-07-15 18:27:06 UTC
https://dnsviz.net/d/git.freebsd.org/dnssec/

$ drill -D SSHFP git.FreeBSD.org
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 42054
;; flags: qr rd ra ; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0

$ ssh -o VerifyHostKeyDNS=yes anongit@git.FreeBSD.org
The authenticity of host 'git.freebsd.org (2604:1380:4091:a001::24ca:1)' can't be established.
ED25519 key fingerprint is SHA256:y1ljKrKMD3lDObRUG3xJ9gXwEIuqnh306tSyFd1tuZE.
Matching host key fingerprint found in DNS.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
Comment 1 Philip Paeps freebsd_committer freebsd_triage 2023-07-17 02:52:17 UTC
We know.

gdnsd does not support DNSSEC.

As soon as that gets implemented upstream, we'll add a DS record.
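
Added example, not part of the bug report or of any FreeBSD tooling: the transcript in the description shows the practical effect of the missing DS record. The drill header carries no "ad" flag, so ssh reports a matching SSHFP fingerprint but still prompts instead of trusting it. The Python sketch below classifies a drill/dig response header the same way; the function names and the second sample header are constructed for illustration, and it assumes the resolver being queried performs DNSSEC validation.

```python
import re

# Header lines copied from the drill transcript in the description above.
DRILL_REPORTED = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 42054
;; flags: qr rd ra ; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
"""
# Constructed sample: the same header as a validating resolver would return it
# for a signed zone with a DS record in the parent (note the "ad" flag).
DRILL_SIGNED = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 1
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
"""

RCODE_RE = re.compile(r"rcode:\s*(\w+)")
# Accepts both drill ("ra ; QUERY") and dig ("ra; QUERY") spacing.
FLAGS_RE = re.compile(
    r"^;;\s*flags:\s*([a-z ]*?)\s*;\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+)", re.M
)

def parse_header(text):
    """Return (rcode, set_of_flags, answer_count) from drill/dig header lines."""
    rcode = RCODE_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not rcode or not flags:
        raise ValueError("no DNS response header found")
    return rcode.group(1).upper(), set(flags.group(1).split()), int(flags.group(2))

def sshfp_trust(text):
    """Classify how far an SSHFP answer can be relied on for host key checking."""
    rcode, flags, answers = parse_header(text)
    if rcode != "NOERROR" or answers == 0:
        return "no-sshfp"         # nothing to compare the host key against
    if "ad" in flags:
        return "authenticated"    # resolver validated the DNSSEC chain
    return "unauthenticated"      # records exist, but DNS gave no proof of origin

if __name__ == "__main__":
    for name, sample in (("reported", DRILL_REPORTED), ("signed", DRILL_SIGNED)):
        print(name, sshfp_trust(sample))
```

An "unauthenticated" result corresponds to the ssh behaviour in the description: the fingerprint match is shown as a hint and the host key still has to be verified by other means.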