[dns-operations] Signatures expired in 54.in-addr.arpa
Chris Thompson
cet1 at cam.ac.uk
Sat Apr 20 20:07:32 UTC 2013
On Apr 20 2013, I wrote:
>The RRSIG records in 54.in-addr.arpa have expired, at 2013-04-19 00:00:30 UTC.
>
>http://dnssec-debugger.verisignlabs.com/54.in-addr.arpa confirms this.
>
>dns-ops at arin.net (SOA.rname for the zone) cc'd.
>
>This particular zone seems to have a jinx on it - it was the one for
>which the DS and DNSKEY records got out of step in December 2011.
A more detailed inspection suggests that the zone had never been updated
at all since the start of the 10-day validity period of the RRSIGs.
I got a really rapid reply from Pete Toscano at ARIN, and there's now a
new version, generated today, on the ARIN nameservers. Unfortunately, this
one has a mismatch between the DNSKEY records and the DS in the parent
zone - i.e. we are back in the December 2011 scenario.
Jinxed, indeed... :-(
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list