[dns-operations] So many DS records for icann.org

Terry Manderson terry.manderson at icann.org
Tue Aug 11 20:42:19 UTC 2015


Morishita-san,

It does seem strange at face value.

But all is under control. :)

We are taking a very methodical approach for moving the ICANN.ORG zone
from an old set of DNSSEC infrastructure to new infrastructure due to the
tango with registry locks and also in light of the (global political?)
importance of the ICANN.ORG zone right now.

That move results in some DS bloat for the time being.

Cheers
Terry

On 11/08/2015 11:56 pm, Yasuhiro Orange Morishita <yasuhiro at jprs.co.jp>
wrote:
>
>Hello,
>
>I've found so many DS records for icann.org <http://icann.org> in org
>zone.
>It seems to be strange.
>
>$ dig +short icann.org <http://icann.org> ds
>41334 7 1 49D712CF7A8984B7545FDC7E69D7372782339B3A
>18060 7 2 6BE021818B9F10ED981A03ACBF74F01E31FB15C58680AD0C4BAA464B
>F37A7523
>17248 7 1 88151C40E4673E7023E6AD1902A8AE055F3DDF61
>41643 7 2 B8AB67D895E62087F0C5FC5A1A941C67A18E4B096F6C622AEFAE30DD
>7B1EA199
>17248 7 2 885CF8A6CF35FD5C619E1D48B59AFB23063BBA9FEC52FF25F99094CB
>A10910A2
>32134 7 2 6C321409786B95BEEE60E6D42F3713ACC3A9B5D18442091A792FBDD1
>EA8E4655
>41643 7 1 93358DB22E956A451EB5AE8D2EC39526CA6A87B9
>18060 7 1 04CF77A76FD328458005D2B35E416F209A3420A0
>41334 7 2 C299FAF7D6F9BCB310200ECF2EA216A2E83F7ACB15C8D72D79641FA8
>DFACF9A9
>32134 7 1 3D54D51109645E8315F59790B920323D361B065F
>
>There are ten (five sets) DS records.
>But valid DS are only two (one set), key id = 18060.
>
><http://dnsviz.net/d/icann.org/VcnJ3Q/dnssec/>
>
>-- Orange
>_______________________________________________
>dns-operations mailing list
>dns-operations at lists.dns-oarc.net
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6343 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150811/8dfa3159/attachment.bin>


More information about the dns-operations mailing list