[dns-operations] .de DNSSEC issues ?
Ben Cartwright-Cox
ben at benjojo.co.uk
Tue May 5 21:48:39 UTC 2026
Yes, denic has seemingly mis-signed all (or almost all) records in .de
```
[22:45:20] ben at metropolis:~$ dig +dnssec de-cix.de @8.8.8.8
; <<>> DiG 9.18.39-0ubuntu0.24.04.3-Ubuntu <<>> +dnssec de-cix.de @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8772
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
; EDE: 6 (DNSSEC Bogus): (RRSIG with malformed signature found for
de-cix.de/ds (keytag=33834))
;; QUESTION SECTION:
;de-cix.de. IN A
;; Query time: 43 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Tue May 05 22:45:22 BST 2026
;; MSG SIZE rcvd: 112
```
On Tue, 5 May 2026 at 22:18, Andreas S. Kerber via dns-operations
<dns-operations at dns-oarc.net> wrote:
>
>
>
>
> ---------- Forwarded message ----------
> From: "Andreas S. Kerber" <ask at ag-trek.de>
> To: dns-operations at lists.dns-oarc.net
> Cc:
> Bcc:
> Date: Tue, 5 May 2026 22:40:40 +0200
> Subject: .de DNSSEC issues ?
> Anyone else seeing problems with DNSSEC validation at .de ? seems to have started at about 21:30 CEST.
> dnsviz shows several errors: https://dnsviz.net/d/de/dnssec/
>
>
> Tried contacting them, but the denic.de MX doesn't accept mail at the moment
>
> May 5 22:34:13 relay=mxext3.mailbox.org. [IPv6:2001:67c:2050:104:0:3:25:1], dsn=4.1.2, reply=450 4.1.2 <dbs at denic.de>: Recipient address rejected: Domain not found, stat=Deferred: 450 4.1.2 <dbs at denic.de>: Recipient address rejected: Domain not found
>
>
>
>
> ---------- Forwarded message ----------
> From: "Andreas S. Kerber via dns-operations" <dns-operations at dns-oarc.net>
> To: dns-operations at lists.dns-oarc.net
> Cc:
> Bcc:
> Date: Tue, 5 May 2026 22:40:40 +0200
> Subject: [dns-operations] .de DNSSEC issues ?
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list