[dns-operations] fbi.gov sigs expired

Jan-Piet Mens jpmens.dns at gmail.com
Fri Nov 11 20:25:20 UTC 2011


> And it's a 3-day weekend in the US, too.  Nice.

Somebody has fixed it:

$ dig +multiline +dnssec fbi.gov soa

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;fbi.gov.		IN SOA

;; ANSWER SECTION:
fbi.gov.		250 IN SOA ns1.fbi.gov. dns-admin.fbi.gov. (
				2011111101 ; serial
				7200       ; refresh (2 hours)
				3600       ; retry (1 hour)
				2592000    ; expire (4 weeks 2 days)
				43200      ; minimum (12 hours)
				)
fbi.gov.		250 IN RRSIG SOA 7 2 300 20120209180640 (
				20111111180640 58969 fbi.gov.
				f4/naIRtQxUPOJ3P3p8c1qe5Yi9XHya4v0J3mCmk6H1P
				xLNJ6dMns5PwDe5vLHemBKbzZCMiiFPSx62XULdmI3/T
				hlfDjSCxl1GLJ5T/R8TlzFcBwo7cK2gar2wu1Bfl709k
				UojiGQaFW5Hy5UInCipOYrhdZxQIo81Ro52KGn4= )

There are lots of 1s in the inception date -- haven't counted them. ;-)

        -JP



More information about the dns-operations mailing list