[dns-operations] DNSSEC Signatures failed in Top-Level Domain fr.
thomas.dupas at dnsbelgium.be
Mon May 4 20:40:05 UTC 2020
I'll leave it to Vincent/Afnic to answer on this more extensively once there is more clarity, but we noticed it as well a few hours ago for dnsbelgium.fr .
Mail + text message has been sent to Vincent and his colleagues at the time, they were looking into it.
I've been in contact with him again ~30 min ago, to be sure he knew.
They're aware; and working on it, would let them work on the issue at this phase instead of tracking the various channels.
From: dns-operations <dns-operations-bounces at dns-oarc.net> on behalf of Viktor Dukhovni <ietf-dane at dukhovni.org>
Sent: Monday, May 4, 2020 10:23 PM
To: dns-operations at dns-oarc.net <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] DNSSEC Signatures failed in Top-Level Domain fr.
On Mon, May 04, 2020 at 04:01:41PM -0400, Viktor Dukhovni wrote:
> On Mon, May 04, 2020 at 09:35:26PM +0200, Martin Wismer wrote:
> > I noticed, that the DNSSEC signed Domains under top-Level Domain fr.
> > failed since about 4 hours.
> Indeed, there does seem to be a problem with expired DS RR signatures.
> A random sample of 1000 .fr child domains (out of 398,564 total known
> to me signed .fr domains) returns DS lookup ServFail for 205 of them.
> The associated RRSIG expiration times are:
> 204 20200504145605
> 1 20200504174835
All 205 expired DS RRsets from the initial sample now have a DS RRSIG
with an expiration time of 20200703184136 (retrieved directly from
authoritative .FR servers). So it looks like progress is being made to
dns-operations mailing list
dns-operations at lists.dns-oarc.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations