[dns-operations] DNSSEC validation timeout from Afilias TLD
derek.mcumber
derek.mcumber at datamtn.com
Fri May 23 17:26:52 UTC 2014
UPDATE:
The issue is was with the KSK key rotation. Afilias and Verisign have implemented this
process differently.
You can cancel this request.
derek
On 05/23/2014 10:51 AM, derek.mcumber wrote:
> Good Morning:
>
> I have been struggling with a DNSSEC validation error on 9.7.3 and up.
> I am not sure I have an ISC bug or if we have an MTU mismatch near the perimeter
> of the Afilias TLDs.
>
> I would like to see if some of the other DNS operators can validate the issue I am
> experiencing or if this is isolated to a few parts of the US.
>
> I don't know why we wouldn't have caught this earlier.
>
> GOOD: This command pulling DNSKEYs from the verisign .gov TLD works just
> about anywhere
>
> dig +dnssec +tcp pbgc.gov
>
>
> BAD: This command pulling DNSKEYs from the Afilias TLD fails everywhere
>
> dig +dnssec +tcp pbgc.org
>
>
> Can anyone confirm this?
>
--
Derek McUmber
Data Mountain Solutions
derek.mcumber at datamtn.com
703-863-5004
More information about the dns-operations
mailing list