[dns-operations] Missing DS change within a rollover on a few .GOV domains?

Mark Andrews marka at isc.org
Fri Sep 25 23:46:29 UTC 2015


Whois is you friend though the whois for .gov itself is a joke.

% DOTGOV WHOIS Server ready
   Domain Name: DOTGOV.GOV
   Status: ACTIVE

>>> Last update of whois database: 2015-09-25T23:37:39Z <<<
Please be advised that this whois server only contains information pertaining
to the .GOV domain. For information for other domains please use the whois
server at RS.INTERNIC.NET.

IANA at least maintains good whois data.

domain:       GOV

organisation: General Services Administration
organisation: Attn: QTDC, 2E08 (.gov Domain Registration)
address:      10304 Eaton Place
address:      Fairfax Virginia 22030
address:      United States

contact:      administrative
name:         Program Manager
organisation: General Services Administration, Office of Governmentwide Policy
address:      One Constitution Square
address:      1275 First Street,NE
address:      Washington, DC 20417
address:      United States
phone:        +1 202 501 0282
e-mail:       lee.ellis at gsa.gov

contact:      technical
name:         Registry Customer Service
organisation: Verisign, Inc.
address:      12061 Bluemont Way
address:      Reston Virginia 20190
address:      United States
phone:        +1 877 734 4688
fax-no:       +1 540 301 0160
e-mail:       registrar at dotgov.gov

If there is a delegation problem with a .gov domain send it to the
.gov administrators.  They can then do the leg work to fix the
problem.  That said this looks like it has already been addressed.

If gov or dotgov.gov is broken you will need to phone.

In message <CAAk_VVgeNrpzhfyejTKdFOBw2VWe5_iPZCbt1ebSZEJrN=C+qQ at mail.gmail.com>
, Mauricio Vergara Ereche writes:
> 
> Hi there!
> 
> It seems like some .gov domains have done a key rollover on these auth
> servers:
> 
> authns1.centurylink.net.
> authns2.centurylink.net.
> tpsns11.terrenap.net.
> tpsns12.terrenap.net.
> But they didn't change DS records before on the parent zone!
> 
> There are at least 2 domains out there (state.gov as well as usembassy.gov)
> that have different DS records on the parent which doesn't match with the
> DNSKEYs
> 
> ...and those TTLs on the zones itself are not helping very much :-(

Most recursive servers will trim those to about a week.
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list