[dns-operations] xn--l1acc TLD gone bad already

Chris Thompson cet1 at cam.ac.uk
Fri Jan 3 14:46:00 UTC 2014


On Sep 6 2013, I wrote:

>On Aug 22 2013, I wrote:
>
>>The TLD "xn--l1acc" (an IDN for Mongolia) which was only added to the root
>>zone last weekend, signed and with a DS right from the outset, seems to
>>have got into trouble already.
>>
>>It looks as if a KSK rollover from a key with id 29566 to one with id 38599
>>has been applied without changing the DS RRset in the root zone.
>
>The mismatched KSK and DS have not changed since then. For a TLD, this
>seems to be taking an inordinately long time to sort out.

Well, if anyone agreed that was "inordinately long", I wonder what they
think of the fact that the same KSK/DS mismatch is still there, three
months on.

Apart from that, all the RRSIGs in the zone expired on 2013-09-20.

One has to feel that the administrators of this TLD should never have
attempted to make it signed, if this is the best they can do.

-- 
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715       Cambridge CB3 0RB, United Kingdom.
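
The two faults reported in this message (a parent DS RRset that matches no published DNSKEY, and an RRSIG set that has expired wholesale) can be checked mechanically. The following is an added example, not part of the original post: the key bytes and the time of day in the expiry stamp are constructed placeholders, only SHA-256 (digest type 2) DS records are considered, and all function names are hypothetical.

```python
import hashlib
import struct
from datetime import datetime, timezone

def wire_name(name):
    """Owner name in canonical (lower-case) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (16-bit folded sum of the RDATA)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata):
    """(key tag, algorithm, digest type 2, SHA-256 digest) for one DNSKEY."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def chain_status(owner, ds_rrset, dnskey_rdatas, rrsig_expirations, now):
    """List the problems a validator would hit at this delegation."""
    # Simplification: does not verify signatures, only DS linkage and expiry.
    problems = []
    published = {make_ds(owner, r) for r in dnskey_rdatas}
    if not any(ds in published for ds in ds_rrset):
        tags = sorted(key_tag(r) for r in dnskey_rdatas)
        problems.append(f"no DS matches a published DNSKEY (DS tags "
                        f"{sorted(d[0] for d in ds_rrset)}, DNSKEY tags {tags})")
    expired = [e for e in rrsig_expirations
               if datetime.strptime(e, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc) <= now]
    if rrsig_expirations and len(expired) == len(rrsig_expirations):
        problems.append("all RRSIGs expired")
    return problems

# Constructed sample data: key bytes are placeholders, not the TLD's real keys.
OWNER = "xn--l1acc."
OLD_KSK = dnskey_rdata(257, 3, 8, bytes(range(1, 65)))
NEW_KSK = dnskey_rdata(257, 3, 8, bytes(range(65, 129)))
PARENT_DS = [make_ds(OWNER, OLD_KSK)]          # parent still points at the old KSK
NOW = datetime(2014, 1, 3, 14, 46, tzinfo=timezone.utc)

if __name__ == "__main__":
    for p in chain_status(OWNER, PARENT_DS, [NEW_KSK], ["20130920000000"], NOW):
        print("BROKEN:", p)
```

While the old and new KSK are both published during a rollover, the same check reports no DS problem; it fails only once the old key is withdrawn before the parent DS is replaced.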


