[dns-operations] [Dnssec-deployment] DNSSEC validation failures for .KE
alice at dotafrica.org
Tue Mar 31 17:29:48 UTC 2015
Thank you Dr. Lisse.
Here is what I got from Kenic
Early today in the morning we noted unavailability of .ke domains. Most
.ke domains were not available and new domain registered had propagation
This was caused by DNSSec setup revoking DNSKEYS a month earlier than
the DNSKEY scheduled expiry date, making the DNSKEY unavailable in the
We have since resolved the issue and domains should be available now.
To ensure this does not happen in future we have disable Auto-DNSSec
maintenance and we we will be maintaining DNSSec manually.
Incase you are still experiencing any issues kindly send us an email.
email: support at kenic.or.ke <mailto:support at kenic.or.ke>
We sincerely apologise for any inconveniences caused"
On 31/03/2015 15:12, Dr Eberhard Lisse wrote:
> Their web site, when reached under the IP
> shows some numbers differing from the whois...
> greetings, el
> On 2015-03-31 13:37, Anand Buddhdev wrote:
>> Wouter Wijngaards just alerted me to validation failures for .KE
>> (Kenya). I tried to call KENIC, but their phone numbers are all
>> If anyone has local contacts in Kenya or nearby, please alert
>> Their current DS record points to a key that has the revoke bit
>> set, but it is no longer signing the DNSKEY rrset.
>> Anand Buddhdev RIPE NCC
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations