It appears that Niels Bakker <niels=nanog@bakker.net> said:
> * nanog@nanog.org (Dennis Burgess via NANOG) [Fri 15 Mar 2024, 16:26 CET]:
>> So have *.app.linktechs.net that I have been trying to get to work, we have DNSSEC on this, and it's failing, but cannot for the life of me understand why. I think it may have something to do with proving it exists as a wildcard, but any DNSSEC experts want to take a stab at it?
>
> There are better mailing lists to ask this question (like dns-operations at dns-oarc.net) but have you checked https://dnsviz.net/d/www.app.linktechs.net/dnssec/ ?

I agree there are better places to ask, but here's a quick diagnosis: your nameserver is returning the wrong answer.

What kind of server is it? Any modern nameserver should automatically return the correct DNSSEC stuff for wildcard responses.

R's,
John
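
Added illustration, not written by anyone in this thread and not taken from any nameserver's code: a minimal Python sketch of what a validator expects from a wildcard-expanded answer in an NSEC-signed zone (RFC 4035 section 5.3.4). The example.net names, function names and sample records are constructed for the example; NSEC3 hashing and signature verification are left out.

```python
# Simplified check: is the answer a wildcard expansion, and if so does the
# authority section carry an NSEC covering QNAME (no closer match exists)?
# All names and records below are constructed sample data.

def labels(name):
    """Lowercased labels of a domain name as bytes, root label dropped."""
    return [l.encode() for l in name.lower().rstrip(".").split(".") if l]

def canonical_key(name):
    # RFC 4034 section 6.1: order names by labels, right to left.
    return tuple(reversed(labels(name)))

def is_wildcard_expansion(owner, rrsig_labels):
    # RRSIG Labels field smaller than the owner's label count means the
    # server synthesized this answer from a wildcard.
    return rrsig_labels < len(labels(owner))

def wildcard_source(owner, rrsig_labels):
    # The wildcard is "*." plus the rightmost rrsig_labels labels of owner.
    parts = owner.rstrip(".").split(".")
    return "*." + ".".join(parts[len(parts) - rrsig_labels:]) + "."

def nsec_covers(nsec_owner, nsec_next, qname):
    o, n, q = map(canonical_key, (nsec_owner, nsec_next, qname))
    if o < n:
        return o < q < n
    return q > o or q < n  # last NSEC in the zone wraps around to the apex

def check_wildcard_answer(qname, rrsig_labels, authority_nsecs):
    if not is_wildcard_expansion(qname, rrsig_labels):
        return "not-wildcard"
    if any(nsec_covers(o, n, qname) for o, n in authority_nsecs):
        return "ok"
    return "missing-nsec-proof"  # a validator treats this answer as bogus

if __name__ == "__main__":
    q = "www.app.example.net."
    good = [("*.app.example.net.", "mail.example.net.")]
    print(wildcard_source(q, 3))            # wildcard the answer came from
    print(check_wildcard_answer(q, 3, good))
    print(check_wildcard_answer(q, 3, []))  # server omitted the NSEC
```
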