[dns-operations] DNSKEY signatures expired 6 days ago for xn--mgbx4cd0ab (Malaysia IDN)
Viktor Dukhovni
ietf-dane at dukhovni.org
Sun Apr 9 19:05:25 UTC 2017
> On Apr 9, 2017, at 2:12 PM, Jaap Akkerhuis <jaap at NLnetLabs.nl> wrote:
>
>> http://dnsviz.net/d/example.xn--mgbx4cd0ab/WOpnNQ/dnssec/
>
> Yeah, I mailed dnsdmin some day ago abiut it, no reaction.
Perhaps the TLD is reserved, but unused. I have a cumulative
list of the Alexa 1 million domains that includes every domain
listed there over the last ~3 years. This list has 4.3 million
domains, and not a single "xn--mgbx4cd0ab" (مليسيا) sub-domain.
Indeed the NSEC3 RR for "example.xn--mgbx4cd0ab" shows as much:
3UNL13CRI0VN4JCSEIISHJ70HORHKT4U.xn--mgbx4cd0ab. NSEC3 1 1 10 CDE5EA 3UNL13CRI0VN4JCSEIISHJ70HORHKT4U NS SOA RRSIG DNSKEY NSEC3PARAM
The hash of the zone apex "xn--mgbx4cd0ab" with the above parameters
is "3unl13cri0vn4jcseiishj70horhkt4u", and the NSEC3 record confirms
that the zone contains no non-apex records.
Perhaps it is not surprising that empty zones don't get much operator
attention.
--
Viktor.
More information about the dns-operations
mailing list