[dns-operations] Expired DNSSEC signatures in .gov

Patrick, Gregory gpatrick at verisign.com
Sun Sep 2 06:25:11 UTC 2012


Hauke,

Thank you for reporting this to us.  Nodes in our NYC location had fallen behind with applying newest zones. We have corrected the issue and are currently looking into the root cause.



Gregory Patrick
Director
Global Infrastructure Services
gpatrick at verisign.com<mailto:gpatrick at verisign.com>

12061 Bluemont Way, Reston, VA 20190
VerisignInc.com<http://www.verisigninc.com/>



[Verisign(tm)]



On 9/2/12 12:00 AM, "Hauke Lampe" <lampe at hauke-lampe.de<mailto:lampe at hauke-lampe.de>> wrote:


Hello.

Some anycast instances of .gov serve expired signatures:

gov. 172800 IN NS a.gov-servers.net.
gov. 172800 IN NS b.gov-servers.net.
gov. 172800 IN RRSIG NS 7 1 172800 20120901220017 20120827220017 31918 gov. [...]

I get expired signatures from instances near EDGE-FO.NYC3.VERISIGN.COM,
good signatures from SFO and CHI.


Hauke.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120902/cbc6cd2d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 7093064E-A9C6-4352-B996-8012CEFFD780[1].png
Type: image/png
Size: 4058 bytes
Desc: 7093064E-A9C6-4352-B996-8012CEFFD780[1].png
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120902/cbc6cd2d/attachment.png>


More information about the dns-operations mailing list