[dns-operations] Algorithm but no signature in .in?

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Mar 27 05:44:53 UTC 2020

Previous message (by thread): [dns-operations] Contingency plans for the next Root KSK Ceremony
Next message (by thread): [dns-operations] Algorithm but no signature in .in?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Some resolvers protest on .in. It seems they have a RSASHA256 key but
no RSASHA256 signatures, thus violating RFC 4035, section 2.2 "There
MUST be an RRSIG for each RRset using at least one DNSKEY of EACH
ALGORITHM".

(Cannot show a nice DNSviz picture, DNSviz seems broken at this time.)

Previous message (by thread): [dns-operations] Contingency plans for the next Root KSK Ceremony
Next message (by thread): [dns-operations] Algorithm but no signature in .in?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list