Hi all, I'm on it. Sorry to be so brief in this message, we have to fix
it. New zones with new RRSIG have just been released. It should be
better now.

On 04 May, Viktor Dukhovni wrote:
> On Mon, May 04, 2020 at 09:35:26PM +0200, Martin Wismer wrote:
> 
> > I noticed that the DNSSEC-signed domains under the top-level domain fr.
> > have been failing for about 4 hours.
> 
> Indeed, there does seem to be a problem with expired DS RR signatures.
> A random sample of 1000 .fr child domains (out of 398,564 total known
> to me signed .fr domains) returns DS lookup ServFail for 205 of them.
> 
> The associated RRSIG expiration times are:
> 
>         204 20200504145605
>           1 20200504174835
> 
> We can estimate the standard-deviation at ~sqrt(n*p*q) or ~13, so
> the 3-sigma interval is roughly 16% to 24% of the DS RRSIGs are
> now expired, affecting ~80k signed domains.
> 
> > Could anybody please fix this?
> 
> I sent a Twitter message to "Vincent Levigneron", but likely some AFNIC
> folks are on this list.
> 
> > Did anybody else also notice this?
> 
> Yes.  See above.
> 
> -- 
>     Viktor.
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 

-- 
        Vincent Levigneron  A.F.N.I.C.  [email protected]
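
The check and the estimate discussed in the quoted message, as an added Python example that is not part of the original thread: it tallies expired RRSIG(DS) records by expiration time and applies the sqrt(n*p*q) estimate to the 205-of-1000 sample. The sample records, their names, key tag and signature field are constructed placeholders, and the function names are hypothetical.

```python
import math
from collections import Counter
from datetime import datetime, timezone

# Constructed records in RRSIG presentation format (not data from the thread):
# owner TTL class RRSIG covered alg labels orig-ttl expiration inception tag signer sig
SAMPLE = """\
example-a.fr. 172800 IN RRSIG DS 13 2 172800 20200504145605 20200305145605 11111 fr. c2ln
example-b.fr. 172800 IN RRSIG DS 13 2 172800 20200504174835 20200305174835 11111 fr. c2ln
example-c.fr. 172800 IN RRSIG DS 13 2 172800 20200703120000 20200504120000 11111 fr. c2ln
example-c.fr. 172800 IN DS 11111 13 2 00
"""

def rrsig_time(field):
    """RRSIG timestamps in presentation format are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def expired_ds_rrsigs(text, now):
    """Count RRSIG records covering DS whose expiration is before `now`,
    grouped by expiration field, like the tally in the quoted message."""
    tally = Counter()
    for line in text.splitlines():
        f = line.split()
        # f[3] is the record type, f[4] the covered type, f[8] the expiration.
        if len(f) >= 13 and f[3] == "RRSIG" and f[4] == "DS":
            if now > rrsig_time(f[8]):
                tally[f[8]] += 1
    return tally

def estimate(failed, sample, population, sigmas=3):
    """Binomial estimate: sd = sqrt(n*p*q) on the failure count.
    Returns (sd, low share, high share, projected affected domains)."""
    p = failed / sample
    sd = math.sqrt(sample * p * (1 - p))
    low = (failed - sigmas * sd) / sample
    high = (failed + sigmas * sd) / sample
    return sd, low, high, round(failed * population / sample)

if __name__ == "__main__":
    # Time of the first report in the thread (21:35:26 +0200), in UTC.
    now = datetime(2020, 5, 4, 19, 35, 26, tzinfo=timezone.utc)
    for expiry, count in sorted(expired_ds_rrsigs(SAMPLE, now).items()):
        print(f"{count:>8} {expiry}")
    sd, low, high, affected = estimate(205, 1000, 398564)
    print(f"sd ~{sd:.1f}, 3-sigma {low:.1%} to {high:.1%}, ~{affected} domains")
```
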
