[dns-operations] .org dnssec issue?

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Feb 7 08:13:07 UTC 2017


On Mon, Feb 06, 2017 at 02:55:16PM +0100,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 26 lines which said:

> It seems so. The DS record for geant.org was removed yesterday,
> around 2017-02-05 20:00:00 UTC. It seems that the technique used by
> .org for dynamic signing does not handle this (rare) case very well.

The DS has been put back, thus "solving" this issue (geant.org works
again). I'm amazed that there are still bugs in NSEC3 code of dynamic
signers, but I know it is a very complicated technology.

No communication from Geant or Afilias about the problem. It would be
a nice talk in Madrid :-)




More information about the dns-operations mailing list