Skip to Content.
Sympa Menu

discuss - [opennic-discuss] DNSSEC is broken

discuss AT

Subject: Discuss mailing list

List archive

[opennic-discuss] DNSSEC is broken

Chronological Thread 
  • From: Jeff Taylor <shdwdrgn AT>
  • To: discuss AT
  • Subject: [opennic-discuss] DNSSEC is broken
  • Date: Sun, 13 Dec 2015 10:40:13 -0700
  • Authentication-results:; dmarc=none
  • Dmarc-filter: OpenDMARC Filter v1.3.0 2EEFE2D4A5

I wanted to let everyone know, DNSSEC is currently broken in the opennic root zone. I've traced the problem to an expired zone-signing key, so I just need to find out why a new key wasn't generated...

Unfortunately I have to take off for the day, so I won't be able to work on the problem until this evening. We know that the current root zone will fail when resolving .fr and .ru domains if you have dnssec-validation enabled, and there may be others, so please disable it for now if this causes problems.

Archive powered by MHonArc 2.6.19.

Top of Page