[dns-operations] slack.com bogus

Peter van Dijk peter.van.dijk at powerdns.com
Thu Sep 30 18:00:33 UTC 2021


normally I would not send an email to dns-operations for a domain that
has gone bogus, but slack.com did something quite interesting today,
that quite looks like a failed attempt to sign, plus a panic withdraw
of that.

Judging from dnsviz, a DS was present in the .com zone for slack.com
around 15:25 UTC today, and records inside slack.com were correctly
signed with the related KSK/ZSK set.

Judging from the DS as I see it coming out of some resolvers, the DS is
about 15 hours old at this point (so, introduced around 03:15 UTC I
think). Those cached DSes still have 10 hours to go.

However, the DS is gone from the .com zone, and the DNSKEYs and RRSIGs
are also gone. Hence, slack.com is Bogus for a big part of the Internet
viewer population.

The text at https://status.slack.com/2021-09/06c1e17de93e7dc2 suggests
to me that Slack might not actually know what's going on. I do not have
a contact with them; perhaps somebody in here does?

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the dns-operations mailing list