[dns-operations] TLD .fj broken (DNSSEC issue)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Mar 8 09:23:21 UTC 2022
Entire TLD down since the DS goes to an unexisting key
<https://dnsviz.net/d/fj/YicaMA/dnssec/>.
% dig @a.root-servers.net fj ds
; <<>> DiG 9.16.22-Debian <<>> @a.root-servers.net fj ds
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21820
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;fj. IN DS
;; ANSWER SECTION:
fj. 86400 IN DS 18952 8 2 (
B22F5938AD822A76499A3AC295E061CC07FCE36D7956
E26A4F51AEDE1717F993 )
fj. 86400 IN RRSIG DS 8 1 86400 (
20220321050000 20220308040000 9799 .
GV9jHAYa1/THxNVXY8xfd9KpkgfWJH9etKm6d13p95Dp
DI/i8q8gDCYHK3s7+QkQWmwnuhyIajYXbJGpwjpIZFJJ
dUlL6kJyApAbx8p+XvnMRE8IiI7HwjE+SReu4iOVhuXy
sBEDGvdwHjENYes8g7S909FefLFCaBfZ8WVWVBWOOQNY
ueERcBFn6kAUSM8Es5xzt7B0UnivO+dWX6NSXxzVPxTW
8hTsWXoyLle6Qkxti2+4zQJS/UlQYYeSUZbj/bGTlV/j
8z7GdoFngXNwyZXrGxmdqxSvzFUh9/38Idn0xC1HAvFW
4jhDCS1WV9NPiBs0Wx/VG8yMM0KGXbi+Fg== )
;; Query time: 12 msec
;; SERVER: 2001:503:ba3e::2:30#53(2001:503:ba3e::2:30)
;; WHEN: Tue Mar 08 10:22:09 CET 2022
;; MSG SIZE rcvd: 366
But:
% dig @144.120.146.1 fj dnskey
; <<>> DiG 9.16.22-Debian <<>> @144.120.146.1 fj dnskey
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53588
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 2c82e96a472de66f47f4f4ee62272071aeeee682d2e21408 (good)
;; QUESTION SECTION:
;fj. IN DNSKEY
;; ANSWER SECTION:
fj. 3600 IN DNSKEY 256 3 8 (
AwEAAdpT6o6ustm4WxYhP8Xa6P1+1dvYExn1LyOC9qUX
dbt3BWPok+obi69yRywGD740Aj6AO7To2HXDlLF3YF5c
R1mO5mo6iSTHqNAg4rjE49/BVxjV3KgmEOGFdtiMbAi+
4d6KMPkl+HULwmJkdcu8gkG9cYjBkJ2OUpfvsjaZ47/a
zk+d8ffEd0oN/0dC9lhcaeYOvhJehdGHFemKY3Mk5O1F
Zrww9OF3SOBSrW+C6LPk04/mTji7j6OeIDfFIMvuu0oN
OAqxTlwUuoTeIiHmJZ0jNlKgBgmsTmlRETAEjcDqcGha
wiENI65uRYbx2eRv5k2U5If0ydhMxBLYAcqFEHE=
) ; ZSK; alg = RSASHA256 ; key id = 24459
fj. 3600 IN DNSKEY 257 3 8 (
AwEAAchm/6TsZVKXuzGe+5Kx/7PW2j1jMkctAL+FaWn+
LW28Kzr4KI9XQz2bd1byWdsljsKkW1zMiiLBlxHcmUiK
vv8hIPLwdxwEdutCve9arJNfDyDhCf5SCHenzQwaR3pQ
zQ+QzaTVPQKz9VIfV6u06wGqq4iTo014N2ITs2EtYU0T
bydZ/cOuy2+N5xE1Xi6JrJuwPKSQfi3M3Ojb3SA4EK6f
BaiGM2Ri1DN6OD+5A8Z9R4EihqAtPtkjJI8mqAbmXu+d
krMJVljtaCMlt2tejaqzqfwd4FJQEdFRiEdMwB3sYjsH
+cMn3QJlvlSXm/w174e5Wzvk563TvuPOrLzefQU=
) ; KSK; alg = RSASHA256 ; key id = 12931
fj. 3600 IN RRSIG DNSKEY 8 1 3600 (
20220321164811 20220307230005 12931 fj.
uRN6QJdTyElu51Xzz30KDF8efDUL+RrZwjy4YyPX2YKv
fLJ5ugQm2jA/Js3UteScHJOEzBobYLnWI/jKYqi6/EVX
78KCaqDMZwnkDOVn6FKRUM+oK/FPWFCPWAUQQ6pVWqY3
OiU/GA5yW6f5oD0yyt3K0HIpAnC86lAftGyhHSoeDm4D
EF+yJPJtB07z2/dyIthg8Gtzo9/24yEAgWjhFPa/DNWv
K7jw2/alPUBFMNTIWGba918PJRgJg8G6HQQ4xWqr4xV/
O7gPRk+Wh8/YlfrGdfWoBTax2VMvQGhrBmqTqxwKwaEC
+gpwGasOMSF5g/DujuHSQ0NK7+L67m+wHA== )
;; Query time: 320 msec
;; SERVER: 144.120.146.1#53(144.120.146.1)
;; WHEN: Tue Mar 08 10:22:57 CET 2022
More information about the dns-operations
mailing list