[dns-operations] .org dnssec issue?

Peter van Dijk peter.van.dijk at powerdns.com
Fri Apr 7 20:27:47 UTC 2017

On 6 Feb 2017, at 14:44, Peter van Dijk wrote:

> The NSEC3 indeed says a DS should be there, but there is none. 
> Incidentally whois says the domain is ‘unsigned’.
> This is indeed a .org issue, looks like a signer bug.

For those who care, this .org bug remains unfixed. I keep getting 
reports, roughly weekly, of domains going bogus in .org after DS 
removal, because DS remains in the NSEC3 bitmap.

Here is a dnsviz snapshot from an affected domain yesterday: 

There is no known workaround for a domain owner. This issue 
unsurprisingly also affects .info.

Here is a different .info bug from a month ago as well: 

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the dns-operations mailing list