[dns-operations] [Dnssec-deployment] DNSSEC validation failures for .KE

[Alice Munyua]

Thank you Dr. Lisse.
Here is what I got from Kenic

"
Early today in the morning we noted unavailability of .ke domains. Most 
.ke domains were not available and new domain registered had propagation 
issues.

This was caused by DNSSec setup  revoking DNSKEYS a month earlier than 
the DNSKEY scheduled expiry date, making the DNSKEY unavailable in the 
.ke zone.

We have since resolved the issue and domains should be available now.

To ensure this does not happen in future we have disable Auto-DNSSec 
maintenance and  we we will be maintaining DNSSec manually.

Incase you are still experiencing any issues kindly send us an email.

email: support at kenic.or.ke <mailto:support at kenic.or.ke>

We sincerely apologise for any inconveniences caused"

Best regards
Alice



On 31/03/2015 15:12, Dr Eberhard Lisse wrote:
> Their web site, when reached under the IP
>
> http://198.32.67.18/index.php?option=com_content&view=article&id=107&Itemid=530&catid=78
>
> shows some numbers differing from the whois...
>
> greetings, el
>
>
> On 2015-03-31 13:37, Anand Buddhdev wrote:
>> Wouter Wijngaards just alerted me to validation failures for .KE
>> (Kenya).  I tried to call KENIC, but their phone numbers are all
>> unreachable.
>>
>> If anyone has local contacts in Kenya or nearby, please alert
>> them!
>>
>> http://dnsviz.net/d/ke/VRp4ag/dnssec/
>>
>> Their current DS record points to a key that has the revoke bit
>> set, but it is no longer signing the DNSKEY rrset.
>>
>> Regards,
>>
>> Anand Buddhdev RIPE NCC
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150331/66fb45e7/attachment.html>