discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: discuss AT lists.opennicproject.org
- Subject: [opennic-discuss] DNSSEC is broken
- Date: Sun, 13 Dec 2015 10:40:13 -0700
- Authentication-results: mx4.sourpuss.net; dmarc=none header.from=sourpuss.net
- Dmarc-filter: OpenDMARC Filter v1.3.0 mx4.sourpuss.net 2EEFE2D4A5
I wanted to let everyone know, DNSSEC is currently broken in the opennic root zone. I've traced the problem to an expired zone-signing key, so I just need to find out why a new key wasn't generated...
Unfortunately I have to take off for the day, so I won't be able to work on the problem until this evening. We know that the current root zone will fail when resolving .fr and .ru domains if you have dnssec-validation enabled, and there may be others, so please disable it for now if this causes problems.
- [opennic-discuss] DNSSEC is broken, Jeff Taylor, 12/13/2015
- Re: [opennic-discuss] DNSSEC is broken (fixed now), Jeff Taylor, 12/13/2015
Archive powered by MHonArc 2.6.19.