[swinog] DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-04-30 Thread Franco Hug via swinog
Hey SWINOGgers, I noticed that DNSSEC was somehow auto-disabled at registry level for some .ch domains I am responsible for. For these domains, no DS records are published anymore in the .ch zone; dnsviz shows a broken chain of trust. However, registrar data still shows that DNSSEC is enabled, b

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-04-30 Thread Marcus J via swinog
G'day Franco, To the partners at least, in October 2022 informing them that anything containing digest-type 1 and/or key algorithm 5 or 7 are no longer supported and will be deleted. This was done last week and digest-type 2 and key algorithm should be used. Since end of January 2023 you coul

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-04-30 Thread John Howard via swinog
Not sure if/how it relates to this situation, but it’s notable that the DNSSEC key signing ceremony was a couple of days ago? https://www.iana.org/dnssec/ceremonies/49 I don’t see any deprecations but maybe someone needs an update somewhere? BR John

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-04-30 Thread Jeroen Massar via swinog
Alg 7 is ancient and deprecated... When one has DNS issues, especially DNSSEC related, run dnsviz: https://dnsviz.net/d/gkb.ch/ZDeung/dnssec/ as that will show you what is off:
```
• gkb.ch zone: The server(s) were not responsive to queries over UDP. (2001:67c:2350:11::bad:babe)
• gkb.
```