[dns-operations] fbi.gov sigs expired [was:Trend/ISC DNS Changer takedown]

CHui chui at lbl.gov
Fri Nov 11 19:44:36 UTC 2011

Would this be some cache issue?   It was just replaced today 2011-11-11
18:06:40 UTC


mon 57 @ dig +dnssec +noall +comment +answer www.fbi.gov
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32412
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 14, ADDITIONAL: 23
; EDNS: version: 0, flags: do; udp: 4096
www.fbi.gov.            230     IN      CNAME   www.fbi.gov.c.footprint.net.
www.fbi.gov.            230     IN      RRSIG   CNAME 7 3 300 20120209180640
20111111180640 58969 fbi.gov.
P02D2No2+Fbe+Mo9oYMvSPhNDQwCScclT9oiUCHj4fdCySwdI7tkNBfa OS4=
www.fbi.gov.c.footprint.net. 160 IN     A
www.fbi.gov.c.footprint.net. 160 IN     A
www.fbi.gov.c.footprint.net. 160 IN     A

-----Original Message-----
From: dns-operations-bounces at mail.dns-oarc.net
[mailto:dns-operations-bounces at mail.dns-oarc.net] On Behalf Of Dobbins,
Sent: Friday, November 11, 2011 11:27 AM
To: dns-operations at mail.dns-oarc.net
Subject: Re: [dns-operations] fbi.gov sigs expired [was:Trend/ISC DNS
Changer takedown]

On Nov 12, 2011, at 1:01 AM, Chris Thompson wrote:

> Well, no. It seems that the DNSSEC signatures on the fbi.gov zone expired
2011-11-10 17:37:26 UTC and have not yet been replaced ... :-(

And it's a 3-day weekend in the US, too.  Nice.

I guess DNSSEC sig expiry is the new neglected domain renewal.


Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde

dns-operations mailing list
dns-operations at lists.dns-oarc.net
dns-jobs mailing list

More information about the dns-operations mailing list