[dns-operations] DNSSEC Signatures failed in Top-Level Domain fr.

Thomas Dupas thomas.dupas at dnsbelgium.be
Mon May 4 20:40:05 UTC 2020


I'll leave it to Vincent/Afnic to answer on this more extensively once there is more clarity, but we noticed it as well a few hours ago for dnsbelgium.fr .
Mail + text message has been sent to Vincent and his colleagues at the time, they were looking into it.
I've been in contact with him again ~30 min ago, to be sure he knew.
They're aware; and working on it, would let them work on the issue at this phase instead of tracking the various channels.

Br,

Thomas
________________________________
From: dns-operations <dns-operations-bounces at dns-oarc.net> on behalf of Viktor Dukhovni <ietf-dane at dukhovni.org>
Sent: Monday, May 4, 2020 10:23 PM
To: dns-operations at dns-oarc.net <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] DNSSEC Signatures failed in Top-Level Domain fr.

On Mon, May 04, 2020 at 04:01:41PM -0400, Viktor Dukhovni wrote:
> On Mon, May 04, 2020 at 09:35:26PM +0200, Martin Wismer wrote:
>
> > I noticed, that the DNSSEC signed Domains under top-Level Domain fr.
> > failed since about 4 hours.
>
> Indeed, there does seem to be a problem with expired DS RR signatures.
> A random sample of 1000 .fr child domains (out of 398,564 total known
> to me signed .fr domains) returns DS lookup ServFail for 205 of them.
>
> The associated RRSIG expiration times are:
>
>         204 20200504145605
>           1 20200504174835

All 205 expired DS RRsets from the initial sample now have a DS RRSIG
with an expiration time of 20200703184136 (retrieved directly from
authoritative .FR servers).  So it looks like progress is being made to
resolve this.

--
    Viktor.
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.dns-oarc.net%2Fmailman%2Flistinfo%2Fdns-operations&data=02%7C01%7Cthomas.dupas%40dnsbelgium.be%7C73c713e6576e4139ef1f08d7f06a7c1f%7C695195dec0cb447892042a861e60e59c%7C0%7C0%7C637242212694976449&sdata=3JArEIAOPrXR%2BvtgoP5NchrATDpF%2BQYo5OM7Dzc6wXY%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200504/28fb4a02/attachment-0001.html>


More information about the dns-operations mailing list