incapdns.net dnssec issue
Sven Van Dyck
sven.van.dyck at dnsbelgium.be
Wed Mar 10 10:59:53 UTC 2021
Imperva/Incapsula which hosts a web application firewall (WAF) with many
customers having a CNAME configured towards a record in their domain,
incapdns.net. Incapsula had very recently DNSSEC configured on this
zone; but last night the RRSIG on the DNSKEY record has expired; leaving
every website behind incapdns.net unreachable for users of a validating
DNS resolver. As a quick solution, Incapsula has removed the DS record
from the parent zone, .net. But, this record is still in many DNS
caches (TTL=1 day).
Therefore, the question if it is possible for validating resolver
maintainers to clear the cache of this DS record for the domain
incapdns.net.
Thanks
--
*Sven Van Dyck*
*System Engineer*
+32 16 28 49 74
*www.dnsbelgium.be* <http://www.dnsbelgium.be/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210310/d61e8c11/attachment.html>
More information about the dns-operations
mailing list