[dns-operations] Speaking of fixing things...

Brian Dickson brian.peter.dickson at gmail.com
Fri Oct 30 17:46:36 UTC 2020


Hi, Victor,
Would you mind checking the list for domains with broken signed delegations
to anything matching *.domaincontrol.com (GoDaddy's nameservers), including
categorization (e.g. lame NS, vs non-lame NS with broken signature)?
My suspicion is there may be a bunch of lame delegations, and knowing which
TLDs (and if possible domains!) would be greatly appreciated.
Cleaning up lame delegations is neither easy nor fast, but we do want to
actually clean them up.

(The root issue is there is currently no path for the delegatee to get the
lame delegation removed. None. Nada. :-( )

Thanks,
Brian

On Thu, Oct 29, 2020 at 10:59 PM Viktor Dukhovni <ietf-dane at dukhovni.org>
wrote:

> I have a list of ~69k domain names with extant DS RRsets, where the
> DNSKEY RRset has been either unavailable or failing validation for 180
> days or more (92k domains if the bar is set to 90 days).  These span 439
> TLDs!  Of these domains, ~30k are simply lame and zone apex NS lookups
> fail even with CD=1.  The remaining ~39k likely have DNSSEC-specific
> misconfiguration.
>
> The top 25 TLDs by count of long-term dead signed delegations are:
>
>   24742 com
>    9258 nl
>    5357 se
>    4553 cz
>    2897 net
>    2763 eu
>    2044 pl
>    1661 org
>    1070 no
>    1035 hu
>     992 fr
>     916 nu
>     731 uk
>     701 info
>     594 be
>     562 ch
>     557 xyz
>     552 de
>     421 es
>     349 sk
>     346 dk
>     321 app
>     282 io
>     250 biz
>     240 pt
>
> If any of the TLDs have policies that allow the deadwood to be delisted
> (still registered, but not delegated) I can provide the list of
> domains...  It would be nice to see less breakage in the live zones.
>
> --
>     Viktor.
>
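The categorization requested in this thread (lame versus non-lame with broken DNSSEC, restricted to delegations pointing at *.domaincontrol.com, counted per TLD), as an added example that is not part of either message. It assumes probe results were already collected; the record field names and the sample data are constructed for illustration.

```python
from collections import Counter

SUFFIX = "domaincontrol.com"  # NS pattern named in the thread: *.domaincontrol.com

# Constructed sample probe results (hypothetical field names, not real measurements).
# ns_cd1:     rcode of the zone apex NS query sent with CD=1 (validation disabled)
# dnskey_cd0: rcode of the DNSKEY query through a validating resolver (CD=0)
PROBES = [
    {"name": "deadwood1.example.com", "ns_cd1": "SERVFAIL", "dnskey_cd0": "SERVFAIL",
     "parent_ns": ["ns01.domaincontrol.com.", "ns02.domaincontrol.com."]},
    {"name": "deadwood2.example.com", "ns_cd1": "NOERROR", "dnskey_cd0": "SERVFAIL",
     "parent_ns": ["NS03.DomainControl.com"]},
    {"name": "deadwood3.example.net", "ns_cd1": "SERVFAIL", "dnskey_cd0": "SERVFAIL",
     "parent_ns": ["ns1.example.org."]},
    {"name": "lookalike.example.net", "ns_cd1": "SERVFAIL", "dnskey_cd0": "SERVFAIL",
     "parent_ns": ["ns1.notdomaincontrol.com"]},
    {"name": "healthy.example.org", "ns_cd1": "NOERROR", "dnskey_cd0": "NOERROR",
     "parent_ns": ["ns05.domaincontrol.com"]},
]

def under_suffix(ns_name, suffix=SUFFIX):
    """True only for proper subdomains of suffix; ignores case and a trailing dot."""
    return ns_name.rstrip(".").lower().endswith("." + suffix)

def classify(probe):
    """Split a signed delegation into the categories used in the thread."""
    if probe["ns_cd1"] != "NOERROR":
        return "lame"            # apex NS lookup fails even with CD=1
    if probe["dnskey_cd0"] != "NOERROR":
        return "dnssec-broken"   # zone answers, but DNSKEY fails validation
    return "ok"

def tally(probes, suffix=SUFFIX):
    """Count (TLD, category) for delegations with at least one NS under suffix."""
    counts = Counter()
    for p in probes:
        if any(under_suffix(ns, suffix) for ns in p["parent_ns"]):
            tld = p["name"].rstrip(".").rsplit(".", 1)[-1].lower()
            counts[(tld, classify(p))] += 1
    return counts

if __name__ == "__main__":
    for (tld, category), n in sorted(tally(PROBES).items()):
        print(f"{n:6d} {tld:8s} {category}")
```

The suffix test requires a leading dot, so a lookalike such as `ns1.notdomaincontrol.com` is not counted against the operator.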