[dns-operations] .gov failing dnssec-validation

staticsafe me at staticsafe.ca
Wed Aug 14 14:37:39 UTC 2013


On Wed, Aug 14, 2013 at 03:31:12PM +0200, Casper Gielen wrote:
> It appears that .gov is failing dnssec-validation.
> The have switched over to a new key (id 7698, alg 8) without uploading a
> new DS to the root.
> -- 
> Casper Gielen <cgielen at uvt.nl> | LIS UNIX
> PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7
> 
> Universiteit van Tilburg | Postbus 90153, 5000 LE
> Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl

Seems to have been fixed.

[root at ferrovax ~]# dig nsa.gov

; <<>> DiG 9.9.3-P2 <<>> nsa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29761
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nsa.gov.                       IN      A

;; ANSWER SECTION:
nsa.gov.                300     IN      A       65.196.127.226
nsa.gov.                300     IN      A       65.196.127.225

;; AUTHORITY SECTION:
nsa.gov.                82894   IN      NS      dsdn-gh1-uea05.nsa.gov.
nsa.gov.                82894   IN      NS      dsdn-gh1-uea06.nsa.gov.

;; ADDITIONAL SECTION:
dsdn-gh1-uea05.nsa.gov. 82894   IN      A       63.239.67.11
dsdn-gh1-uea06.nsa.gov. 82894   IN      A       63.239.65.41

;; Query time: 229 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Aug 14 07:35:49 PDT 2013
;; MSG SIZE  rcvd: 158

-- 
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post.
Please don't CC! I'm subscribed to whatever list I just posted on.



More information about the dns-operations mailing list