[dns-operations] So many DS records for icann.org

Terry Manderson terry.manderson at icann.org
Thu Aug 13 01:11:58 UTC 2015


I sent this yesterday.. but it didn't seem to make it.

so resending.. 

T.

On 12/08/2015 6:42 am, "Terry" <terry.manderson at icann.org> wrote:

>Morishita-san,
>
>It does seem strange at face value.
>
>But all is under control. :)
>
>We are taking a very methodical approach for moving the ICANN.ORG zone
>from an old set of DNSSEC infrastructure to new infrastructure due to the
>tango with registry locks and also in light of the (global political?)
>importance of the ICANN.ORG zone right now.
>
>That move results in some DS bloat for the time being.
>
>Cheers
>Terry
>
>On 11/08/2015 11:56 pm, Yasuhiro Orange Morishita <yasuhiro at jprs.co.jp>
>wrote:
>>
>>Hello,
>>
>>I've found so many DS records for icann.org <http://icann.org> in org
>>zone.
>>It seems to be strange.
>>
>>$ dig +short icann.org <http://icann.org> ds
>>41334 7 1 49D712CF7A8984B7545FDC7E69D7372782339B3A
>>18060 7 2 6BE021818B9F10ED981A03ACBF74F01E31FB15C58680AD0C4BAA464B
>>F37A7523
>>17248 7 1 88151C40E4673E7023E6AD1902A8AE055F3DDF61
>>41643 7 2 B8AB67D895E62087F0C5FC5A1A941C67A18E4B096F6C622AEFAE30DD
>>7B1EA199
>>17248 7 2 885CF8A6CF35FD5C619E1D48B59AFB23063BBA9FEC52FF25F99094CB
>>A10910A2
>>32134 7 2 6C321409786B95BEEE60E6D42F3713ACC3A9B5D18442091A792FBDD1
>>EA8E4655
>>41643 7 1 93358DB22E956A451EB5AE8D2EC39526CA6A87B9
>>18060 7 1 04CF77A76FD328458005D2B35E416F209A3420A0
>>41334 7 2 C299FAF7D6F9BCB310200ECF2EA216A2E83F7ACB15C8D72D79641FA8
>>DFACF9A9
>>32134 7 1 3D54D51109645E8315F59790B920323D361B065F
>>
>>There are ten (five sets) DS records.
>>But valid DS are only two (one set), key id = 18060.
>>
>><http://dnsviz.net/d/icann.org/VcnJ3Q/dnssec/>
>>
>>-- Orange
>>_______________________________________________
>>dns-operations mailing list
>>dns-operations at lists.dns-oarc.net
>>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>dns-jobs mailing list
>>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>>
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6343 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150813/668d0b7a/attachment.bin>


More information about the dns-operations mailing list