On 08/14/2013 07:37, staticsafe wrote: > On Wed, Aug 14, 2013 at 03:31:12PM +0200, Casper Gielen wrote: >> It appears that .gov is failing dnssec-validation. >> The have switched over to a new key (id 7698, alg 8) without uploading a >> new DS to the root. >> -- >> Casper Gielen <[email protected]> | LIS UNIX >> PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 >> >> Universiteit van Tilburg | Postbus 90153, 5000 LE >> Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl > > Seems to have been fixed.
Yes, they seem to have rolled back to the existing algo 7 key. Based on Duane's note from the 30th, there was supposed to be some more advanced notice before the roll actually happened. I suspect a test version of the zone got rolled into production by accident. Some of us are already being asked for "root-cause analysis" from National Lab CIOs (in my case...I am sure there are many others...). :) michael _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
