[dns-operations] Signature expired for the DS of .ch at Cloudflare ?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Oct 4 08:35:14 UTC 2023
Other instances of Cloudflare has the correct info:
% dig +cd +nsid @1.1.1.1 DS ch.
; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> +cd +nsid @1.1.1.1 DS ch.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20816
;; flags: qr aa rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; NSID: 35 33 38 6d 31 37 38 ("538m178")
;; QUESTION SECTION:
;ch. IN DS
;; ANSWER SECTION:
ch. 86400 IN DS 10 13 2 (
0E175543A74D9083EA977BAB2BEE98A771995F80982F
B796B2B0B9CC6413D1A6 )
ch. 86400 IN RRSIG DS 8 1 86400 (
20231004050000 20230921040000 11019 .
U0PZSe2x3/R7P1+TKdnX9DSFxRtfvJIEdnI3q4MhSVuq
jX8HiqpU613EAyLF3s9IINPg+ctOSKWOzULMpZK+sbX9
NBzzRevhbHFziGNgqupscrxFKX7PGvRXKjmwfcfi7X4n
nvOlpsW0glNixT4M4vjdzO2bYDmgwzfwoosDy3r2W5e8
VKBn4lj75nqI/fgtLJQyi2pDHokZ5qRnzQ4/lsajwRsP
CnOgGnmtTyq3HRnI9cng5Lqv6yDHYacIk2Fpte6ehirN
oLwGaSwtWk7Tf1k/GpNKB3kpYb/e8VYVQ7c1ydwk7on7
tVn6hUaNlHpVbj8eFHXQYmRfvAl8+VAMBw== )
;; Query time: 8 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Wed Oct 04 10:34:06 CEST 2023
;; MSG SIZE rcvd: 377
% dig +nsid @1.1.1.1 DS ch.
; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> +nsid @1.1.1.1 DS ch.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52317
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; EDE: 7 (Signature Expired): (failed to verify ch. DS: RRSIG ch., expiration = 1696395600)
; NSID: 35 33 32 6d 33 33 ("532m33")
;; QUESTION SECTION:
;ch. IN DS
;; Query time: 8 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Wed Oct 04 10:34:50 CEST 2023
;; MSG SIZE rcvd: 106
More information about the dns-operations
mailing list