[dns-operations] Pending Removal of 3 Negative Trust Anchors @ Comcast

[Livingood, Jason]

Since there's been a bunch of discussion about this IETF document lately - http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01

Per http://www.dnssec.comcast.net/

- Jason

Upcoming Removal of Three Negative Trust Anchors
Monday, May 21, 2012

Comcast plans to remove three separate Negative Trust Anchors<http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01> for the domains bayfieldelectric.com, bitcoinica.com, and fbo.gov. These will be removed on Tuesday, May 29, 2012. In each case these Negative Trust Anchors were put in place at the request of our customers. Good faith efforts to contact each domain and resolve these problems have been made. The responsibility for properly configured DNS records<http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01#section-5> lies with domain administrators. The details for each domain are as follows:

  *   bayfieldelectric.com
- Negative Trust Anchor added 2/29/12
- Issue appears due to the presence of DS records in the .com TLD, indicating a signed domain, but the domain itself is unsigned
- DNSViz report at http://dnsviz.net/d/bayfieldelectric.com/T7Xw4A/dnssec/
  *   bitcoinica.com
- Negative Trust Anchor added 1/22/12
- Issue appears due to the presence of DS records in the .com TLD, indicating a signed domain, but the domain itself is unsigned
- DNSViz report at http://dnsviz.net/d/bitcoinica.com/T7ZW9Q/dnssec/
  *   fbo.gov
- Negative Trust Anchor added 4/23/12
- Issue appears due to expired keys in the domain
- DNSViz report at http://dnsviz.net/d/fbo.gov/T7YMCQ/dnssec/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120521/15ac7112/attachment.html>