nanog mailing list archives
Re: .biz DNSSEC borked
From: Franck Martin <fmartin () linkedin com>
Date: Mon, 24 Jun 2013 02:50:32 +0000
On Jun 23, 2013, at 4:49 PM, Valdis.Kletnieks () vt edu wrote:
On Sat, 22 Jun 2013 20:45:44 +0200, Andre Tomt said:Seems the entire .biz tld is failing DNSSEC validation now. All of my DNSSEC validating resolvers are tossing all domains in .biz. The non-signed domains too of course because trust of the tld itself cannot be established. http://dnssec-debugger.verisignlabs.com/nic.bizSo which event caused more disruption? 50K .com's in a failed DDoS mitigation, or every single .biz lookup by something that actually does dnssec?
I don't think we are trying to quantify which one was worst or point fingers at, but how do we remediate these type of issues in the future? I think these events will happen more and more often... a TTL of 2 days seems rather long for NS and do I see 6 days TTL for DNSSEC records for .biz ?
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- .biz DNSSEC borked Andre Tomt (Jun 22)
- Re: .biz DNSSEC borked jamie rishaw (Jun 22)
- Re: .biz DNSSEC borked Andre Tomt (Jun 22)
- Re: .biz DNSSEC borked Franck Martin (Jun 23)
- Re: .biz DNSSEC borked Valdis . Kletnieks (Jun 23)
- Re: .biz DNSSEC borked Jared Mauch (Jun 23)
- Re: .biz DNSSEC borked Franck Martin (Jun 23)