[dns-operations] DNSSEC quality by TLD

Viktor Dukhovni ietf-dane at dukhovni.org
Thu May 17 15:02:07 UTC 2018

> On May 17, 2018, at 10:22 AM, John Levine <johnl at taugh.com> wrote:
> If those numbers are correct, they're really pitiful.  Bank is
> supposed to be a super secure TLD, careful checking of registrants
> to be sure they're real banks, and every delegation is signed.
> I checked, the current zone file has DS for every NS.  How are
> they broken?

Of the 1347 delegations that are failing, 1314 are REFUSED by:    dns1.encirca.us    dns2.encirca.us

So these are presumably parked and not maintained.  The rest are
more diverse, with a bad key roll at e.g.:



More information about the dns-operations mailing list