[dns-operations] expired signatures in IP6.ARPA
joe.abley at icann.org
Mon May 16 01:32:15 UTC 2011
As noted earlier on this list (and in private mail by others), there were some validation problems for names in the IP6.ARPA domain due to expired signatures in the IP6.ARPA zone.
Initial remedial action has led to fresh signatures in IP6.ARPA serial 2011022093, relieving the immediate validation difficulties.
We will commence a full post-mortem tomorrow and will publish an incident report including actions to be taken to prevent recurrence. Initial observations suggest that this problem was a combination of (a) a bug in the deployed signer and (b) a monitoring defect which prevented this from being noticed before the signatures expired.
Director DNS Operations, ICANN
More information about the dns-operations