[dns-operations] DNSSEC Signatures failed in Top-Level Domain fr.
vincent.levigneron at afnic.fr
Mon May 4 20:22:14 UTC 2020
Hi all, I'm on it. Sorry to be so brief in this message, we have to fix
it. New zones with new RRSIG have just been released, It should be
le 04 mai, Viktor Dukhovni a ?crit :
> On Mon, May 04, 2020 at 09:35:26PM +0200, Martin Wismer wrote:
> > I noticed, that the DNSSEC signed Domains under top-Level Domain fr.
> > failed since about 4 hours.
> Indeed, there does seem to be a problem with expired DS RR signatures.
> A random sample of 1000 .fr child domains (out of 398,564 total known
> to me signed .fr domains) returns DS lookup ServFail for 205 of them.
> The associated RRSIG expiration times are:
> 204 20200504145605
> 1 20200504174835
> We can estimate the standard-deviation at ~sqrt(n*p*q) or ~13, so
> the 3-sigma interval is roughly 16% to 24% of the DS RRSIGs are
> now expired, affecting ~80k signed domains.
> > Could anybody please fix this?
> I sent a Twitter message to "Vincent Levigneron", but likely some AFNIC
> folks are on this list.
> > Does anybody else also noticed this?
> Yes. See above.
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
Vincent Levigneron A.F.N.I.C. Vincent.Levigneron at afnic.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the dns-operations