[dns-operations] DNSKEY signatures expired 6 days ago for xn--mgbx4cd0ab (Malaysia IDN)

Viktor Dukhovni ietf-dane at dukhovni.org
Sun Apr 9 19:05:25 UTC 2017


> On Apr 9, 2017, at 2:12 PM, Jaap Akkerhuis <jaap at NLnetLabs.nl> wrote:
> 
>> http://dnsviz.net/d/example.xn--mgbx4cd0ab/WOpnNQ/dnssec/
> 
> Yeah, I mailed dnsdmin some days ago about it, no reaction.

Perhaps the TLD is reserved, but unused.  I have a cumulative
list of the Alexa 1 million domains that includes every domain
listed there over the last ~3 years.  This list has 4.3 million
domains, and not a single "xn--mgbx4cd0ab" (مليسيا) sub-domain.

Indeed the NSEC3 RR for "example.xn--mgbx4cd0ab" shows as much:

3UNL13CRI0VN4JCSEIISHJ70HORHKT4U.xn--mgbx4cd0ab. NSEC3 1 1 10 CDE5EA 3UNL13CRI0VN4JCSEIISHJ70HORHKT4U  NS SOA RRSIG DNSKEY NSEC3PARAM

The hash of the zone apex "xn--mgbx4cd0ab" with the above parameters
is "3unl13cri0vn4jcseiishj70horhkt4u", and the NSEC3 record confirms
that the zone contains no non-apex records.

Perhaps it is not surprising that empty zones don't get much operator
attention.

-- 
	Viktor.
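
The hash check described in the message above, as an added example that is not part of the original post: it recomputes the RFC 5155 NSEC3 hash of the zone apex from the parameters in the quoted record and tests whether the chain consists of a single link. The function names are this example's own.

```python
import base64
import hashlib

# NSEC3 owner names use base32hex (RFC 4648 "extended hex"), not plain base32.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) wire format of an absolute domain name."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name, salt_hex, iterations, algorithm=1):
    """RFC 5155 hash: SHA-1 over name||salt, then `iterations` extra rounds."""
    if algorithm != 1:
        raise ValueError("only algorithm 1 (SHA-1) is defined for NSEC3")
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii")

def check_apex_only(record):
    """Parse one presentation-format NSEC3 RR and test the single-link claim."""
    f = record.split()
    owner_hash, zone = f[0].split(".", 1)
    i = f.index("NSEC3")
    alg, flags, iters = int(f[i + 1]), int(f[i + 2]), int(f[i + 3])
    salt, next_hash, types = f[i + 4], f[i + 5], f[i + 6:]
    apex_hash = nsec3_hash(zone, salt, iters, alg)
    return {
        "apex_hash": apex_hash,
        # The record belongs to the apex if its owner label is the apex hash.
        "owner_is_apex": owner_hash.upper() == apex_hash and "SOA" in types,
        # Next == owner: the chain holds exactly one hashed name.
        "single_link": next_hash.upper() == owner_hash.upper(),
        # Flags bit 0 is Opt-Out: insecure delegations need no NSEC3 of their own.
        "opt_out": bool(flags & 1),
    }

# The NSEC3 RR quoted in the message above.
RECORD = ("3UNL13CRI0VN4JCSEIISHJ70HORHKT4U.xn--mgbx4cd0ab. NSEC3 1 1 10 CDE5EA "
          "3UNL13CRI0VN4JCSEIISHJ70HORHKT4U  NS SOA RRSIG DNSKEY NSEC3PARAM")

if __name__ == "__main__":
    print(check_apex_only(RECORD))
```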




