[Dnssec-deployment] Expired RRSIGs for .be
Stephane Bortzmeyer
bortzmeyer at nic.fr
Sat Oct 9 12:58:10 EDT 2010
On Sat, Oct 09, 2010 at 04:42:37PM +0000,
Dan Mahoney <dmahoney at isc.org> wrote
a message of 37 lines which said:
> There's also something to be said for having valid contact into in
> your SOA record. And actually checking it. And setting a whitelist
> for DNS|ZONE|SIG|EXPIR|PROBLEM|ISSUE for that address in your spam
> system of choice.
I assume/hope that every zone operator worth of the name already does
it. But the point was "How to tell DNS operators that their DNS zone
no longer works?" I cannot use the address in the SOA of isc.org is
the DNSSEC signatures of isc.org expire... (Even if the SOA was cached
before, the address in it depends on a working isc.org domain.)
More information about the Dnssec-deployment
mailing list