[dns-operations] Rise in .LV bogus delegations
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Mar 7 17:54:34 UTC 2019
The DNSSEC delegation by TLD breakdown table (updated daily)
http://stats.dnssec-tools.org/#tldbreakdown
today (for the first time) shows .LV as the TLD with the highest
rate of subdomain DNSKEY resolution failure.
Of the 378 problem domains, 334 are handled by:
234 ns[12].items.lv.
100 ns[123].areait.lv.
The 100 ns[123].areait.lv domains are simple cases of the nameservers
returning "REFUSED" for these domains, for example:
http://dnsviz.net/d/5x5.lv/dnssec/
http://dnsviz.net/d/plantatree.lv/dnssec/
http://dnsviz.net/d/pre.lv/dnssec/
The 234 ns[12].items.lv domains are cases where despite the DS RRset
in the parent .LV zone there is no DNSKEY RRset at the zone apex,
for example:
http://dnsviz.net/d/42.lv/dnssec/
http://dnsviz.net/d/cargo24.lv/dnssec/
http://dnsviz.net/d/runas.lv/dnssec/
Plausibly a recent change in DNS hosting providers, with the DS
records left in place, but no arrangement for key continuity.
--
Viktor.
More information about the dns-operations
mailing list