Does anyone know of a contact of someone (presumably at Webex/Cisco) who can take a look at the DNS for webex.com?
It has been for some time now, logging a lot of DNSSEC warnings on my resolver:
dnssec: validating external-media75.public.wnrtm-a-2.prod.infra.webex.com/NSEC: no valid signature found: 1 Time(s)
dnssec: validating external-media75.public.wsinm-a-3.prod.infra.webex.com/NSEC: no valid signature found: 1 Time(s)
dnssec: validating external-media78.public.wbomm-a-2.prod.infra.webex.com/NSEC: no valid signature found: 1 Time(s)
dnssec: validating external-media8.public.wnrtm-a-2.prod.infra.webex.com/NSEC: no valid signature found: 1 Time(s)
(and a whole lot more hostnames in the same domain). Some basic DNSSec analysis indicates something in the middle of the trust chain is broken:
It looks to me like the subdomains have DS records but the other parts of the subdomain don't and I guess there's no point in having DS records on host records, if the parent domain doesn't have them too.
I wouldn't bother if it was one or two entries, but it looks like the whole domain is affected and this probably is a fairly widely utilised domain.
Thanks,
Reuben