[Dnssec-deployment] Fwd: ed.gov dnssec validation problems
Carlos Vicente
cvicente.lists at gmail.com
Fri May 27 14:00:02 EDT 2011
I meant to CC this list earlier.
An addition to the note below, it struck me as interesting that a
CNAME from a signed zone pointing to an insecure zone will make the
validation fail. I suppose that ed.gov could solve that by using A
records with the hosting site's IP address instead.
Anyways, I'm hoping that more people report the problem so that they
fix it quickly.
Thx,
cv
---------- Forwarded message ----------
From: Carlos Vicente <cvicente.lists at gmail.com>
Date: Fri, May 27, 2011 at 9:51 AM
Subject: ed.gov dnssec validation problems
To: dns-operations at lists.dns-oarc.net
I've received complains from users on our campus having trouble
resolving the following:
www.ed.gov
www.ffa.ed.gov
www.cod.ed.gov
www.ifap.ed.gov
A quick look at our dnssec logs shows problems with validation, and also:
http://dnssec-debugger.verisignlabs.com/www.ed.gov
http://dnsviz.net/d/www.ed.gov/dnssec/
However, when trying to get the contact information for the domain, I'm seeing
;; ANSWER SECTION:
ed.gov. 2958 IN SOA eduptcdnsp01.ed.gov.
admin.bcn.com. 324472506
10800 3600 604800 3600
But a whois lookup of bcn.com shows:
Nombre de dominio: BCN.COM
Propietario:
B C N, S.L.
B C N, S.L. (dnsadmin at ibercom.com)
Provenca, 363-5.C-3
Barcelona
Barcelona,08025
ES
???
So, I'm not sure who to contact. Any suggestions?
cv
More information about the Dnssec-deployment
mailing list