[dns-operations] usa.gov Expired RRSIGs

cjc+dns-oarc at pumpky.net cjc+dns-oarc at pumpky.net
Fri Mar 25 20:40:33 UTC 2022


If anyone out there is from usa.gov or has some contacts closer
to usa.gov, some of their servers are handing out expired
RRSIGs for the DNSKEYs,

https://dnsviz.net/d/usa.gov/dnssec/

At least still happening as I am sending this at about 2040 UTC,
March 25th.

The RRSIGs expired roughly 24 hours ago. Some NS servers return
good RRSIGs, other the expired. In a few cases the "same" server
returns expired to queries to its IPv4 address, but queries
to IPv6 are OK. Guess it's really not the same server (which
really is fine, just interesting to note).


More information about the dns-operations mailing list