[dns-operations] expired signatures in IP6.ARPA

Joe Abley joe.abley at icann.org
Mon May 16 01:32:15 UTC 2011

Hi all,

As noted earlier on this list (and in private mail by others), there were some validation problems for names in the IP6.ARPA domain due to expired signatures in the IP6.ARPA zone.

Initial remedial action has led to fresh signatures in IP6.ARPA serial 2011022093, relieving the immediate validation difficulties.

We will commence a full post-mortem tomorrow and will publish an incident report including actions to be taken to prevent recurrence. Initial observations suggest that this problem was a combination of (a) a bug in the deployed signer and (b) a monitoring defect which prevented this from being noticed before the signatures expired.


Joe Abley
Director DNS Operations, ICANN

More information about the dns-operations mailing list