[dns-operations] [Dnssec-deployment] DNSSEC validation failures for .KE

Alice Munyua alice at dotafrica.org
Tue Mar 31 17:29:48 UTC 2015

Thank you Dr. Lisse.
Here is what I got from Kenic

Early today in the morning we noted unavailability of .ke domains. Most 
.ke domains were not available and new domain registered had propagation 

This was caused by DNSSec setup  revoking DNSKEYS a month earlier than 
the DNSKEY scheduled expiry date, making the DNSKEY unavailable in the 
.ke zone.

We have since resolved the issue and domains should be available now.

To ensure this does not happen in future we have disable Auto-DNSSec 
maintenance and  we we will be maintaining DNSSec manually.

Incase you are still experiencing any issues kindly send us an email.

email: support at kenic.or.ke <mailto:support at kenic.or.ke>

We sincerely apologise for any inconveniences caused"

Best regards

On 31/03/2015 15:12, Dr Eberhard Lisse wrote:
> Their web site, when reached under the IP
> shows some numbers differing from the whois...
> greetings, el
> On 2015-03-31 13:37, Anand Buddhdev wrote:
>> Wouter Wijngaards just alerted me to validation failures for .KE
>> (Kenya).  I tried to call KENIC, but their phone numbers are all
>> unreachable.
>> If anyone has local contacts in Kenya or nearby, please alert
>> them!
>> http://dnsviz.net/d/ke/VRp4ag/dnssec/
>> Their current DS record points to a key that has the revoke bit
>> set, but it is no longer signing the DNSKEY rrset.
>> Regards,
>> Anand Buddhdev RIPE NCC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150331/66fb45e7/attachment.html>

More information about the dns-operations mailing list