[dns-operations] 172.in-addr.arpa DNSSEC broken

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue May 20 20:22:13 UTC 2014


On Tue, May 20, 2014 at 04:14:27PM -0400,
 Jared Mauch <jared at puck.nether.net> wrote 
 a message of 20 lines which said:

> > http://dnsviz.net/d/16.172.in-addr.arpa
> 
> Is this perhaps related to AS112 project as well or 172.16 zones
> being built-in to some resolvers?

The OP made a small typo in the URL. The problem is indeed in
172.in-addr.arpa (botched rollover, it seems, old KSK 30729 removed
from the zone while the DS was - is - still in many caches).

http://dnsviz.net/d/172.in-addr.arpa/U3tYdw/dnssec/

I wonder when DNSSEC will be taken seriously, and the rollovers done
by properly written and tested programs :-(



More information about the dns-operations mailing list