[dns-operations] verisigninc.com

Chris Thompson cet1 at cam.ac.uk
Wed Jun 27 13:29:56 UTC 2012


On Jun 27 2012, Stephane Bortzmeyer wrote:

>> > verisigninc.com/DNSKEY: DS RRs exist for algorithm(s) 8 in the com
>> > zone, but no matching DNSKEYs of algorithm(s) 8 were used to sign
>> > the verisigninc.com DNSKEY RRset.
>
>Indeed, the DS goes to key 24570, while the DNSKEY RRset is signed
>only with KSK 64326 and ZSK 48824.
>
>Nice DNSviz graph.

Looks like the DS record has been updated to refer to the KSK 64326 now.
A bit of "rndc flushname verisigninc.com" made the domain resolve again.

-- 
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.



More information about the dns-operations mailing list