[Dnssec-deployment] Fwd: ed.gov dnssec validation problems

Carlos Vicente cvicente.lists at gmail.com
Fri May 27 14:00:02 EDT 2011


I meant to CC this list earlier.

An addition to the note below, it struck me as interesting that a
CNAME from a signed zone pointing to an insecure zone will make the
validation fail. I suppose that ed.gov could solve that by using A
records with the hosting site's IP address instead.

Anyways, I'm hoping that more people report the problem so that they
fix it quickly.

Thx,

cv


---------- Forwarded message ----------
From: Carlos Vicente <cvicente.lists at gmail.com>
Date: Fri, May 27, 2011 at 9:51 AM
Subject: ed.gov dnssec validation problems
To: dns-operations at lists.dns-oarc.net


I've received complains from users on our campus having trouble
resolving the following:


www.ed.gov
www.ffa.ed.gov
www.cod.ed.gov
www.ifap.ed.gov

A quick look at our dnssec logs shows problems with validation, and also:

http://dnssec-debugger.verisignlabs.com/www.ed.gov
http://dnsviz.net/d/www.ed.gov/dnssec/


However, when trying to get the contact information for the domain, I'm seeing

;; ANSWER SECTION:
ed.gov.                 2958    IN      SOA     eduptcdnsp01.ed.gov.
admin.bcn.com. 324472506
10800 3600 604800 3600

But a whois lookup of bcn.com shows:


Nombre de dominio: BCN.COM

Propietario:
   B C N, S.L.
   B C N, S.L.        (dnsadmin at ibercom.com)
   Provenca, 363-5.C-3
   Barcelona
   Barcelona,08025
   ES

???

So, I'm not sure who to contact. Any suggestions?

cv


More information about the Dnssec-deployment mailing list