[dns-operations] xn--l1acc TLD gone bad already

Chris Thompson cet1 at cam.ac.uk
Fri Jan 3 14:46:00 UTC 2014

On Sep 6 2013, I wrote:

>On Aug 22 2013, I wrote:
>>The TLD "xn--l1acc" (an IDN for Mongolia) which was only added to the root
>>zone last weekend, signed and with a DS right from the outset, seems to
>>have got into trouble already.
>>It looks as if a KSK rollover from a key with id 29566 to one with id 38599
>>has been applied without changing the DS RRset in the root zone.
>The mismatched KSK and DS have not changed since then. For a TLD, this
>seems to be taking an inordinately long time to sort out.

Well, if anyone agreed that was "inordinately long", I wonder what they
think of the fact that the same KSK/DS mismatch is still there, three
months on.

Apart from that, all the RRSIGs in the zone expired on 2013-09-20.

One has to feel that the administrators of this TLD should never have
attempted to make it signed, if this is the best they can do.

Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715       Cambridge CB3 0RB, United Kingdom.
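
The two failures reported in this message (a parent DS RRset that no longer matches any key in the child's DNSKEY RRset, and RRSIGs past their expiration) can be checked mechanically. The Python sketch below is an added example, not part of the original post: it computes RFC 4034 key tags and RFC 4509 SHA-256 DS digests and compares them. The key bytes are constructed placeholders chosen so the tags equal the ids quoted above; algorithm 8 and the midnight expiration time are assumptions.

```python
import hashlib
import struct
from datetime import datetime, timezone

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA wire form: flags, protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name: str) -> bytes:
    """Canonical (lowercase) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_sha256(owner: str, rdata: bytes) -> bytes:
    """DS digest type 2: SHA-256(owner name | DNSKEY RDATA), RFC 4509."""
    return hashlib.sha256(owner_wire(owner) + rdata).digest()

def secure_entry_points(owner, ds_set, dnskeys):
    """Key tags of DNSKEYs that some parent DS (tag, digest) vouches for."""
    matched = []
    for rdata in dnskeys:
        zone_key = struct.unpack("!H", rdata[:2])[0] & 0x0100
        if zone_key and (key_tag(rdata), ds_sha256(owner, rdata)) in ds_set:
            matched.append(key_tag(rdata))
    return matched  # empty list: validators treat the zone as bogus

def rrsig_expired(expiration: str, now: datetime) -> bool:
    """Compare an RRSIG expiration in YYYYMMDDHHmmSS form against 'now'."""
    exp = datetime.strptime(expiration, "%Y%m%d%H%M%S")
    return now > exp.replace(tzinfo=timezone.utc)

# Constructed sample data: placeholder key bytes, not the TLD's real keys.
ZONE = "xn--l1acc."
OLD_KSK = dnskey_rdata(257, 8, b"\x6f\x75")   # key tag 29566
NEW_KSK = dnskey_rdata(257, 8, b"\x92\xbe")   # key tag 38599
PARENT_DS = {(key_tag(OLD_KSK), ds_sha256(ZONE, OLD_KSK))}  # never updated
NOW = datetime(2014, 1, 3, 14, 46, tzinfo=timezone.utc)     # date of this post

if __name__ == "__main__":
    print("DS-matched keys:", secure_entry_points(ZONE, PARENT_DS, [NEW_KSK]))
    print("RRSIG expired:", rrsig_expired("20130920000000", NOW))
```

A safe rollover keeps the old KSK published, and signing the DNSKEY RRset, until the parent DS has been replaced; the check returns an empty list as soon as that ordering is violated.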
