[164030] in North American Network Operators' Group
Re: .biz DNSSEC borked
daemon@ATHENA.MIT.EDU (Franck Martin)
Sun Jun 23 22:51:12 2013
From: Franck Martin <fmartin@linkedin.com>
To: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
Date: Mon, 24 Jun 2013 02:50:32 +0000
In-Reply-To: <94912.1372031354@turing-police.cc.vt.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--Apple-Mail=_BF683624-6E36-46D7-9D31-FD22060EC33D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On Jun 23, 2013, at 4:49 PM, Valdis.Kletnieks@vt.edu wrote:
> On Sat, 22 Jun 2013 20:45:44 +0200, Andre Tomt said:
>> Seems the entire .biz tld is failing DNSSEC validation now.
>> All of my DNSSEC validating resolvers are tossing all domains in =
.biz.
>> The non-signed domains too of course because trust of the tld itself
>> cannot be established.
>>=20
>> http://dnssec-debugger.verisignlabs.com/nic.biz
>=20
> So which event caused more disruption? 50K .com's in a failed DDoS
> mitigation, or every single .biz lookup by something that actually =
does
> dnssec?
>=20
I don't think we are trying to quantify which one was worst or point =
fingers at, but how do we remediate these type of issues in the future? =
I think these events will happen more and more often...
a TTL of 2 days seems rather long for NS and do I see 6 days TTL for =
DNSSEC records for .biz ?=
--Apple-Mail=_BF683624-6E36-46D7-9D31-FD22060EC33D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="signature.asc"
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
iQEcBAEBCgAGBQJRx7QEAAoJEJHd9Bbysc+aK5YH/A3sJllUrVd4Vu2t5lZ4IWH7
IZdiGG91svgfk+5hyi5ZU/egVM5r9djMoLUbFt4GmuGH2RamWZ/7fKwctF4TGdxy
4vhwWHyFzKW497TQg/he0nC+I9MLHVc+sotWivSLdWdgrxlImgVzzK5KbYM5RFnH
VnpbMQc264e+kmtKbn1M7MuEzvgUWfoO1g/WfJWJn8+xkRIe4+ZThDjJjdWIGUJh
TBwsrzEdzx/Jw9vqnYVG3m90E9ktfyQnqLG+u70SxO76zaY+uL60+Nz2xSw1u9Kd
yjeQdqk2Cppa7t2d9ShC2J37bck+JTl+WH5lne0wjYiDEFv8Oq5vWwpt0ZAACgA=
=I/7a
-----END PGP SIGNATURE-----
--Apple-Mail=_BF683624-6E36-46D7-9D31-FD22060EC33D--
