<div dir="ltr">Hi there!<div><br></div><div>It seems like some .gov domains have done a key rollover on these auth servers:<br></div><div>







<p class=""><span class=""><a href="http://authns1.centurylink.net">authns1.centurylink.net</a>.<br></span><a href="http://authns2.centurylink.net">authns2.centurylink.net</a>.<br><a href="http://tpsns11.terrenap.net">tpsns11.terrenap.net</a>.<br><a href="http://tpsns12.terrenap.net">tpsns12.terrenap.net</a>.</p><div>But they didn't change the DS records on the parent zone beforehand!</div><div><br></div><div>There are at least 2 domains out there (<a href="http://state.gov">state.gov</a> as well as <a href="http://usembassy.gov">usembassy.gov</a>) that have different DS records on the parent, which don't match the DNSKEYs.</div><div><br></div><div>...and those TTLs on the zones themselves are not helping very much :-(</div><div><br></div><div>







<p class=""><span class="">$ dig DS <a href="http://usembassy.gov">usembassy.gov</a> +cd +short @<a href="http://a.gov-servers.net">a.gov-servers.net</a>.</span></p><p class="">9084 7 1 2130D69182CF4766C79FCD965F663B675355F0E2</p></div><div><div>$ dig +noall DNSKEY <a href="http://usembassy.gov">usembassy.gov</a> @<a href="http://authns2.centurylink.net">authns2.centurylink.net</a> +dnssec +multi +ans</div><div><a href="http://usembassy.gov">usembassy.gov</a>.<span class="" style="white-space:pre">         </span>15768000 IN DNSKEY 256 3 7 (</div><div><span class="" style="white-space:pre">                               </span>AwEAAdBoq6TedHYapEIAlQgURXDox9WezJgEPlY3kq30</div><div><span class="" style="white-space:pre">                               </span>5xtdg0UpleJ3BAIxZ8xmuzvkqSocc5/GrI4C+f/juG7j</div><div><span class="" style="white-space:pre">                               </span>0A/VrqceY1hq63F0miMwaaPYtqRsaTBTb14NiAMrfpzm</div><div><span class="" style="white-space:pre">                               </span>U2CCW3YrmO7vqNnFSmYBqzVqgUfG4orMiayhtc4nh765</div><div><span class="" style="white-space:pre">                               </span>) ; ZSK; alg = NSEC3RSASHA1; key id = 62912</div><div><a href="http://usembassy.gov">usembassy.gov</a>.<span class="" style="white-space:pre">         </span>15768000 IN DNSKEY 257 3 7 (</div><div><span class="" style="white-space:pre">                               </span>AwEAAaTvsQHAkU/vQMCCABy0J20+0W25S8TulOymDOC5</div><div><span class="" style="white-space:pre">                               </span>g68CwdGrFC06eC6D5v2O/sQrfGslwo9qxzKwWkNJIj2t</div><div><span class="" style="white-space:pre">                               </span>ph4qK1C/tg6xw+bhglxJsHH9KO7dM2Bt8r7YuYihdsDR</div><div><span class="" style="white-space:pre">                               </span>sjKzarse/In/tMnfKuj7lXVaKcV+aI//JNDd1UQB4hX9</div><div><span class="" style="white-space:pre">                               
</span>Ug67Z28YUEwikNMcla4DCljJuZO/F2XQOrJ98ALGp4dw</div><div><span class="" style="white-space:pre">                               </span>xrkjcGcqjHs3POzK+j/amqlOTfNqA6TYPoYaThKqS+Qu</div><div><span class="" style="white-space:pre">                               </span>2C8vTMXn9lt6OVHUk4wtlsoItHf6f3DF+J2LZQPVOxza</div><div><span class="" style="white-space:pre">                               </span>G3Reo2OeT/ZQ4dXDI8AqTHFMbSeHQ3srtEdATZ8=</div><div><span class="" style="white-space:pre">                           </span>) ; KSK; alg = NSEC3RSASHA1; key id = 48291</div><div><a href="http://usembassy.gov">usembassy.gov</a>.<span class="" style="white-space:pre">         </span>15768000 IN RRSIG DNSKEY 7 2 15768000 (</div><div><span class="" style="white-space:pre">                            </span>20160924193926 20150925183927 48291 <a href="http://usembassy.gov">usembassy.gov</a>.</div><div><span class="" style="white-space:pre">                                </span>Iok8jSTvTnmvCpwufHtgS4UDO6p6iUz+IDY3JyjFQ/D/</div><div><span class="" style="white-space:pre">                               </span>HsbIz0TI6bSB+9bNPu8cvzsYgzVgeqAUgZSDoTK2B9/7</div><div><span class="" style="white-space:pre">                               </span>xFXusIf6x1t7nHMhvbwNf6PxS0EJy3Shec61SmrJwinA</div><div><span class="" style="white-space:pre">                               </span>yPkItqgyoEbqyKEgBanN0/XdMsSXzMCcB+A7bUl9T/XW</div><div><span class="" style="white-space:pre">                               </span>WKF/GIGm6LgkVW/N/Tz+55rTzqzA0MftckdvzNy1N8mb</div><div><span class="" style="white-space:pre">                               </span>rsnfbMk822rZkPJHShZJjL5SYQnrZWKX/CUAbIDMnFGT</div><div><span class="" style="white-space:pre">                               </span>UgRKOoB4zhlI6jGDXI+KnvGnZC1TcXSGkXOiybLCjGtU</div><div><span class="" style="white-space:pre">                               </span>8YMOl0nFezvFqW0URKmKEk8dvTLjYgULIg== )</div><div><a 
href="http://usembassy.gov">usembassy.gov</a>.<span class="" style="white-space:pre">              </span>15768000 IN RRSIG DNSKEY 7 2 15768000 (</div><div><span class="" style="white-space:pre">                            </span>20160924193926 20150925183927 62912 <a href="http://usembassy.gov">usembassy.gov</a>.</div><div><span class="" style="white-space:pre">                                </span>S/P5KZu2AzibIQw/ctH1fZR8kMrS8onsURxyPIpONkxX</div><div><span class="" style="white-space:pre">                               </span>dWCO1G/5tRVLguD1yxcK98mBje2hKFdD+9DC88PYwp9l</div><div><span class="" style="white-space:pre">                               </span>EtZHNlKHrtXrNYajnLYZYCKiAazYGv73TQYPVP9PyN5s</div><div><span class="" style="white-space:pre">                               </span>k1DsXrg+ZyNCQbuKN8l6qugmoagiJLJXeaI0yQ8= )</div></div><div><br></div><div>Is there anyone here who can help to at least put the old DS records on the parent zone?</div><div><br></div><div>Kind regards,</div><div>Mauricio</div><div><br></div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Mauricio Vergara Ereche<br>Los Angeles, CA<br><a href="http://mave.cero32.cl" target="_blank">http://mave.cero32.cl</a></div></div>
</div></div>
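<p>Added example (not part of the original message): a standard-library Python check of whether any DS record at the parent still hashes to a DNSKEY the child serves, which is the mismatch described above. The zone name <code>example.test</code> and the short keys are constructed; substitute the values returned by the two <code>dig</code> queries.</p>

```python
import base64
import hashlib

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 (SHA-1) and 2 (SHA-256)

def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """Wire-format DNSKEY RDATA: flags | protocol | algorithm | public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(key_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (the 'key id' that dig prints)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(owner):
    """Canonical owner name: lowercase, length-prefixed labels, root terminator."""
    labels = [l for l in owner.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(owner, rdata, digest_type=1):
    """DS tuple (key tag, algorithm, digest type, hex digest) for one DNSKEY."""
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def matching_ds(owner, parent_ds, child_keys):
    """Parent DS records that at least one zone-key DNSKEY from the child hashes to."""
    zone_keys = [k for k in child_keys if int.from_bytes(k[:2], "big") & 0x0100]
    matched = []
    for ds in parent_ds:
        tag, alg, dtype, digest = ds
        if dtype not in DIGESTS:
            continue  # unsupported digest type cannot anchor validation here
        if any(make_ds(owner, k, dtype) == (tag, alg, dtype, digest.upper()) for k in zone_keys):
            matched.append(ds)
    return matched

# Constructed sample data: 4-byte "keys", not real RSA keys and not the keys in the message.
OLD_KSK = dnskey_rdata(257, 3, 7, "AQIDBA==")
NEW_KSK = dnskey_rdata(257, 3, 7, "AQIDBQ==")
NEW_ZSK = dnskey_rdata(256, 3, 7, "AQIDCA==")
PARENT_DS = [make_ds("example.test", OLD_KSK)]  # parent still publishes only the old DS

if __name__ == "__main__":
    print("before rollover:", matching_ds("example.test", PARENT_DS, [OLD_KSK]))
    print("after rollover: ", matching_ds("example.test", PARENT_DS, [NEW_KSK, NEW_ZSK]))
```

<p>An empty result after the rollover means no DS at the parent covers any served DNSKEY, so a validating resolver treats the zone as bogus until a matching DS is published or cached records expire.</p>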