[dns-operations] .LR Not Resolving

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Jun 13 08:06:34 UTC 2024


On Wed, Jun 12, 2024 at 07:38:26AM +0000,
 ISOC Liberia <liberiaisoc at gmail.com> wrote 
 a message of 91 lines which said:

> I am reaching out because the Liberia country-code-top-level-domain
> that is the .lr is not resolving due to DNSSEC,

Despite having the same serial number in the SOA, not all
authoritative name servers for .lr return the same thing. For
instance, a query for lr/DNSKEY to 77.72.229.254 returns one signature
while the same query to 2a01:3f0:0:306::53 returns two signatures
(same keytag), with probably one invalid, according to the reports
from Zonemaster <https://zonemaster.fr/en/result/77c33ec33e528a59> and
DNSviz <https://dnsviz.net/d/lr/ZmqhSQ/dnssec/>.

Advice: publish a new zone, with an updated serial number to force
refreshing.



More information about the dns-operations mailing list