[dns-operations] Problems with .gov

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Jan 31 15:40:09 UTC 2011

On Mon, Jan 31, 2011 at 03:13:49PM +0000,
 Creighton, Tom <Tom_Creighton at cable.comcast.com> wrote 
 a message of 74 lines which said:

> Anyone else having problems?

For .GOV itself, I notice that the KSK 26079, introduced on Jan 26th,
was retired less than one hour ago (around 1500 UTC), while signatures
of the DNSKEY set, made with it, were still in the caches (the TTL
being one day). This may explain problems.

Other thing that puzzles me, the DNSKEY set is now signed only with
the KSK, not by any ZSK.

Advice from DNSSEC experts? Problem or not?

More information about the dns-operations mailing list