[dns-operations] .org dnssec issue?
Peter van Dijk
peter.van.dijk at powerdns.com
Fri Apr 7 20:27:47 UTC 2017
On 6 Feb 2017, at 14:44, Peter van Dijk wrote:
> The NSEC3 indeed says a DS should be there, but there is none.
> Incidentally whois says the domain is ‘unsigned’.
>
> This is indeed a .org issue, looks like a signer bug.
For those who care, this .org bug remains unfixed. I keep getting
reports, roughly weekly, of domains going bogus in .org after DS
removal, because DS remains in the NSEC3 bitmap.
Here is a dnsviz snapshot from an affected domain yesterday:
http://dnsviz.net/d/digidoc4j.org/WOYxhQ/dnssec/
There is no known workaround for a domain owner. This issue
unsurprisingly also affects .info.
Here is a different .info bug from a month ago as well:
http://dnsviz.net/d/www.michiganorganizer.info/WMnilQ/dnssec/
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dns-operations
mailing list