From walter at secureme.it Fri Apr 3 13:00:58 2026 From: walter at secureme.it (Walter Russo) Date: Fri, 3 Apr 2026 15:00:58 +0200 Subject: DKIM verification failures (DNS timeout suspected) Message-ID: Hello everyone, I?ve been experiencing an issue recently related to DKIM verification by Microsoft 365 and Aruba. According to the DMARC reports I receive from these two providers, DKIM signatures are not being validated by their systems. However, other providers do not show any such errors. I?m trying to understand whether this is an issue specific to my setup or if others are encountering similar problems. Any feedback or shared experiences would be greatly appreciated. Thanks in advance. Best regards Walter Russo -------------- next part -------------- An HTML attachment was scrubbed... URL: From kathy.schnitt at icann.org Thu Apr 9 19:51:58 2026 From: kathy.schnitt at icann.org (Kathy Schnitt) Date: Thu, 9 Apr 2026 19:51:58 +0000 Subject: [dns-operations] Call for Participation -- ICANN DNSSEC and Security Workshop for the ICANN Policy Forum Message-ID: <6234C2ED-BB8E-4D28-AF60-70BAFA3E5ED3@icann.org> Call for Participation -- ICANN DNSSEC and Security Workshop for the ICANN Policy Forum In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), we are planning a DNSSEC and Security Workshop for the ICANN86 Policy Forum. This meeting will be held as a hybrid meeting from 8-11 June 2026 in Seville, Spain, at the FIBES Conference and Exhibition Centre. The workshop will be held on Monday 08, June 2026 at 14:45 local time (CEST / UTC+2:00 hours). NOTE: For ICANN86, we have capacity for only one workshop session. As a result, The Program Planning Committee will be selective in its evaluation of presentation proposals. If your proposal is not selected on this occasion, we would welcome the opportunity to revisit it for a future ICANN meeting. The DNSSEC and Security Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced participants and newcomers to meet, present and discuss current and future DNSSEC deployments. For reference, the most recent session was held at the ICANN85 Community Forum on Wednesday, 11 March 2026. The presentations and transcripts are available at the following links: Session 1, Session 2, and Session 3. The DNSSEC Workshop Program Committee is developing a program for the upcoming meeting. Proposals will be considered for the following topic areas and included if space permits. In addition, we welcome suggestions for additional topics either for inclusion in the ICANN86 workshop, or for consideration for future workshops. 1. Global DNSSEC Activities Panel For this panel, we are seeking participation from those who have been involved in DNSSEC deployment as well as from those who have not deployed DNSSEC, but who have a keen interest in the challenges and benefits of deployment, including Root Key Signing Key (KSK) rollover activities and plans. 2. DNSSEC Best Practices Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC? * What are current best practices around key rollovers? * What about algorithm rollovers? Do you use and support DNSKEY Algorithms 13-17? * How often do you review your disaster-recovery procedures? * Is there operational familiarity within your customer support teams? * What operational statistics have been gathered about DNSSEC? * Are experiences being documented in the form of best practices, or something similar, for transfer of signed zones? Activities and issues related to DNSSEC in the DNS Root Zone are also desired. 3. DNSSEC Deployment Challenges The program committee is seeking input from those that are interested in implementation of DNSSEC but have general or concerns with DNSSEC. We are seeking input from individuals that would be willing to participate in a panel that would discuss questions of the following nature: * Are there any policies directly or indirectly impeding your DNSSEC deployment? (e.g.,RRR model, CDS/CDNSKEY automation) * What are your most significant concerns with DNSSEC, (e.g., complexity, training, implementation, operation, etc.) * What do you expect DNSSEC to provide and what does it not deliver? * What do you see as the most important trade-offs in deploying (or not deploying) DNSSEC? 4. Security Panel We invite presentations on DNS, DNSSEC, routing and other topics that could affect the security and/or stability of the Internet. Especially interested in implementation issues, challenges, opportunities, and best practices related to: * Emerging threats that could impact the security and/or stability of the Internet * DoH and DoT * RPKI (Resource Public Key Infrastructure) * BGP routing and secure implementations * MANRS (Mutually Agreed Norms for Routing Security) * Browser security ? DNS, DNSSEC, DoH * Email and DNS-related security ? DMARC, DKIM, TLSA, etc? If you are interested in participating, please send a brief (1-3 sentences) description of your proposed presentation to dnssec-security-workshop at icann.org by 11 May 2026. Thank you, Dan and Kathy On behalf of the DNSSEC Workshop Program Committee: Gautam Akiwate, Stanford University Steve Crocker, Edgemoor Research Institute Mark Elkins Layal Jebran, Moubarmij Ram Mohan,Identity Digital Russ Mundy, Tislabs Peter Thomassen, deSEC Yoshiro Yoneya Dan York, Internet Society -------------- next part -------------- An HTML attachment was scrubbed... URL: From bortzmeyer at nic.fr Mon Apr 20 13:14:30 2026 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Mon, 20 Apr 2026 15:14:30 +0200 Subject: Hijacking of eth.limo Message-ID: Two good post-mortems (funny: the hijacker could have changed the DS but he forgot): https://x.com/eth_limo/status/2045552916157563148 https://easydns.com/blog/2026/04/18/we-screwed-up-and-we-own-it-the-eth-limo-shtshow-is-on-us/ (Cloudflare and Namecheap authoritative name servers continue to serve the wrong info. If someone work for these companies and can do something...)