cet1 at cam.ac.uk
Wed Jun 27 13:29:56 UTC 2012
On Jun 27 2012, Stephane Bortzmeyer wrote:
>> > verisigninc.com/DNSKEY: DS RRs exist for algorithm(s) 8 in the com
>> > zone, but no matching DNSKEYs of algorithm(s) 8 were used to sign
>> > the verisigninc.com DNSKEY RRset.
>Indeed, the DS goes to key 24570, while the DNSKEY RRset is signed
>only with KSK 64326 and ZSK 48824.
>Nice DNSviz graph.
Looks like the DS record has been updated to refer to the KSK 64326 now.
A bit of "rndc flushname verisigninc.com" made the domain resolve again.
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations