[dns-operations] Pending Removal of 3 Negative Trust Anchors @ Comcast
Livingood, Jason
Jason_Livingood at cable.comcast.com
Mon May 21 20:55:10 UTC 2012
Since there's been a bunch of discussion about this IETF document lately - http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01
Per http://www.dnssec.comcast.net/
- Jason
Upcoming Removal of Three Negative Trust Anchors
Monday, May 21, 2012
Comcast plans to remove three separate Negative Trust Anchors<http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01> for the domains bayfieldelectric.com, bitcoinica.com, and fbo.gov. These will be removed on Tuesday, May 29, 2012. In each case these Negative Trust Anchors were put in place at the request of our customers. Good faith efforts to contact each domain and resolve these problems have been made. The responsibility for properly configured DNS records<http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01#section-5> lies with domain administrators. The details for each domain are as follows:
* bayfieldelectric.com
- Negative Trust Anchor added 2/29/12
- Issue appears due to the presence of DS records in the .com TLD, indicating a signed domain, but the domain itself is unsigned
- DNSViz report at http://dnsviz.net/d/bayfieldelectric.com/T7Xw4A/dnssec/
* bitcoinica.com
- Negative Trust Anchor added 1/22/12
- Issue appears due to the presence of DS records in the .com TLD, indicating a signed domain, but the domain itself is unsigned
- DNSViz report at http://dnsviz.net/d/bitcoinica.com/T7ZW9Q/dnssec/
* fbo.gov
- Negative Trust Anchor added 4/23/12
- Issue appears due to expired keys in the domain
- DNSViz report at http://dnsviz.net/d/fbo.gov/T7YMCQ/dnssec/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120521/15ac7112/attachment.html>
More information about the dns-operations
mailing list