.biz DNSSEC borked

jamie rishaw j at arpa.com
Sat Jun 22 19:10:10 UTC 2013


confirmed

None of the 5 DNSKEY records could be validated by any of the 2 DS records
The DNSKEY RRset was not signed by any keys in the chain-of-trust


 biz has SOA record a.gtld.biz. hostmaster.neustar.biz. 12161960 900 900
604800 86400 (BOGUS (security failure)) validation failure <biz. SOA IN>:
no keys have a DS from 156.154.127.65 for key BIZ. while building chain of
trust


tcp: biz has SOA record a.gtld.biz. hostmaster.neustar.biz. 12161960 900
900 604800 86400 (BOGUS (security failure)) validation failure <biz. SOA
IN>: no keys have a DS from 156.154.127.65 for key BIZ. while building
chain of trust




On Sat, Jun 22, 2013 at 1:45 PM, Andre Tomt <andre-nanog at tomt.net> wrote:
>
> Seems the entire .biz tld is failing DNSSEC validation now.
> All of my DNSSEC validating resolvers are tossing all domains in .biz.
The non-signed domains too of course because trust of the tld itself cannot
be established.
>
> http://dnssec-debugger.verisignlabs.com/nic.biz
>


More information about the NANOG mailing list