[dns-operations] Missing DS change within a rollover on a few .GOV domains?

Fri Sep 25 23:54:49 UTC 2015

Thanks Mark,
I already sent an email there, but i was wondering if there was someone
else closer over here.

Anyway, since i sent the email seems like they changed the DS records for
both zones.

Although I must be honest that I don't know if there still are other
domains on the same issue as this one.

Kind regards,
Mauricio

On Fri, Sep 25, 2015 at 4:46 PM, Mark Andrews <marka at isc.org> wrote:

>
> Whois is you friend though the whois for .gov itself is a joke.
>
> % DOTGOV WHOIS Server ready
>    Domain Name: DOTGOV.GOV
>    Status: ACTIVE
>
> >>> Last update of whois database: 2015-09-25T23:37:39Z <<<
> Please be advised that this whois server only contains information
> pertaining
> to the .GOV domain. For information for other domains please use the whois
> server at RS.INTERNIC.NET.
>
> IANA at least maintains good whois data.
>
> domain:       GOV
>
> organisation: General Services Administration
> organisation: Attn: QTDC, 2E08 (.gov Domain Registration)
> address:      10304 Eaton Place
> address:      Fairfax Virginia 22030
> address:      United States
>
> contact:      administrative
> name:         Program Manager
> organisation: General Services Administration, Office of Governmentwide
> Policy
> address:      One Constitution Square
> address:      1275 First Street,NE
> address:      Washington, DC 20417
> address:      United States
> phone:        +1 202 501 0282
> e-mail:       lee.ellis at gsa.gov
>
> contact:      technical
> name:         Registry Customer Service
> organisation: Verisign, Inc.
> address:      12061 Bluemont Way
> address:      Reston Virginia 20190
> address:      United States
> phone:        +1 877 734 4688
> fax-no:       +1 540 301 0160
> e-mail:       registrar at dotgov.gov
>
> If there is a delegation problem with a .gov domain send it to the
> .gov administrators.  They can then do the leg work to fix the
> problem.  That said this looks like it has already been addressed.
>
> If gov or dotgov.gov is broken you will need to phone.
>
> In message <CAAk_VVgeNrpzhfyejTKdFOBw2VWe5_iPZCbt1ebSZEJrN=
> C+qQ at mail.gmail.com>
> , Mauricio Vergara Ereche writes:
> >
> > Hi there!
> >
> > It seems like some .gov domains have done a key rollover on these auth
> > servers:
> >
> > authns1.centurylink.net.
> > authns2.centurylink.net.
> > tpsns11.terrenap.net.
> > tpsns12.terrenap.net.
> > But they didn't change DS records before on the parent zone!
> >
> > There are at least 2 domains out there (state.gov as well as
> usembassy.gov)
> > that have different DS records on the parent which doesn't match with the
> > DNSKEYs
> >
> > ...and those TTLs on the zones itself are not helping very much :-(
>
> Most recursive servers will trim those to about a week.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>

-- 
Mauricio Vergara Ereche
Los Angeles, CA
http://mave.cero32.cl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150925/3a9f2c78/attachment.html>