[dns-operations] DNSSEC resolution failure for the "مصر" TLD (xn--wgbh1c)
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Jul 27 00:24:56 UTC 2023
On Mon, Jul 24, 2023 at 09:13:30AM +0000, Manal Ismail wrote:
> We are in the middle of updating the records .. The update is
> currently pending one approval .. Once done, today, all problems will
> hopefully be fixed ..
Congratulations, looks much better now:
https://dnsviz.net/d/xn--wgbh1c/ZMG2OA/dnssec/
The only minor nit is that in addition to a SHA256 key hash DS RR your
DS RRset also includes a SHA-1 key hash DS RR.
$ dig +noidnout +noall +ans +nottl +nosplit -t ds xn--wgbh1c
xn--wgbh1c. IN DS 65350 13 2 5ECE34228C4114FC455E07F4BB4B3DF8B501D874C4A4070ACBB378F41F17A0E5
xn--wgbh1c. IN DS 65350 13 1 746DD718F1BDAE3B4F2578767C4B47A039501641
Though additional SHA-1 DS records do not break anything, they also are
deprecated, no longer needed, and are best not published. At your
convenience, I'd like to recommend pruning the DS RRset to just:
xn--wgbh1c. IN DS 65350 13 2 5ECE34228C4114FC455E07F4BB4B3DF8B501D874C4A4070ACBB378F41F17A0E5
--
Viktor.
More information about the dns-operations
mailing list