[dns-operations] .ag outage

Jeroen Massar jeroen at massar.ch
Fri Nov 27 13:17:16 UTC 2020



> On 20201127, at 13:40, Matthew Richardson <matthew-l at itconsult.co.uk> wrote:
> 
> DNSvis has recorded two entries for hoevelmann.ag.  Whilst the latest one
> looks OK, the previous one:-
> 
> https://dnsviz.net/d/hoevelmann.ag/X8DXeQ/dnssec/
> 
> is showing an amount of bogusness.


Apparently Afilias, the registry of .ag, messed up something related to DNSSEC:

At least according to:
https://twitter.com/aw93053/status/1332298822404497410

Which is why most people missing the +dnssec option to dig will have had fine results, but Google Public DNS will fail (as it should) as it verifies sigs.


This is also, when people report something, including data (dig outputs, traceroute, dnsviz, zonemaster checks) as that gives a view from that vantage point.


Now in this case... where are the Afilias folks and their write-up what went wrong (nothing at https://twitter.com/Afilias either)


Greets,
 Jeroen





More information about the dns-operations mailing list