Dangling NS Records (NS records without SOA
when "_selector._domainkey.zone.com IN TXT aaa-select-aaa" at ns.vali.email
when "_domainkey.zone.com IN NS ns.vali.email"
NS in question is ns.vali.email but yet, its a valid NS record and server, and does return the _domainkey TXT record selector value.
'description': 'Dangling NS Records (NS records without SOA)', 'confidence': 'POSSIBLE', 'signature': 'N/A', 'indicator': 'DNSWalk Analysis', 'trigger': 'ns.vali.email', 'module': 'NS
I only saw on this one type so far.
I dont believe there is a mis-configuration at the NS layer, or at the initiating zone layer.
This could be setup in a lab. I only hesitate to add a real public record here because of misuse.
I tested against 2 legit zones and selector records.
Thanks.