.biz DNSSEC borked
Franck Martin
fmartin at linkedin.com
Mon Jun 24 02:50:32 UTC 2013
On Jun 23, 2013, at 4:49 PM, Valdis.Kletnieks at vt.edu wrote:
> On Sat, 22 Jun 2013 20:45:44 +0200, Andre Tomt said:
>> Seems the entire .biz tld is failing DNSSEC validation now.
>> All of my DNSSEC validating resolvers are tossing all domains in .biz.
>> The non-signed domains too of course because trust of the tld itself
>> cannot be established.
>>
>> http://dnssec-debugger.verisignlabs.com/nic.biz
>
> So which event caused more disruption? 50K .com's in a failed DDoS
> mitigation, or every single .biz lookup by something that actually does
> dnssec?
>
I don't think we are trying to quantify which one was worst or point fingers at, but how do we remediate these type of issues in the future? I think these events will happen more and more often...
a TTL of 2 days seems rather long for NS and do I see 6 days TTL for DNSSEC records for .biz ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130624/a6f01b90/attachment.sig>
More information about the NANOG
mailing list