[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Benoît Panizzon via swinog
Hi Daniel > The nerd answer is that you can use Automated DNSSEC Provisioning [1] > to enable DNSSEC. This also sends an EPP poll message to your > registrar to update locally cached state information about a domain > name. Yes, trying to understand, how I correctly get rid of my old RRSIG

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Franco Hug via swinog
Thanks Daniel for your helpful answers. Yes, CDS is also something I always wanted to try, but as usual: no hard pressure, no time... ;-) Benoît Panizzon wrote: > From their point of view, my 'algo 5' .ch domains have still DNSSEC active Basically the same behavior I had with my 'algo 7'

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Daniel Stirnimann via swinog
On 01.05.23 15:48, Benoît Panizzon via swinog wrote: It looks like Gandi at least messed up their Registrar UI. From their point of view, my 'algo 5' .ch domains have still DNSSEC active but deleting DS or disabling DNSSEC hangs forever and upon reloading my old algo 5 keys are back. I guess

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Marcus J via swinog
G'day just saw something was missing in my reply. It should say: digest-type 2 and key algorithm 13 should be used. cheers Marcus Monday, May 1, 2023, 11:32:30 AM, you wrote: > Darn, thank you for the hint! I'm also affected and missed the phase out > of those algos. > Guess I have to

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Franco Hug via swinog
Hi all, Thanks for your replies, you basically backed my work assumption concerning deprecated algorithms, good to know. However, this raises some questions about the chosen proceeding of "just wiping" algo 5/7 and digest 1 DS records from the .ch zone... Affected domain holders should and

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Jeroen Massar via swinog
Alg 7 is ancient and deprecated... When one has DNS issues, especially DNSSEC related, run dnsviz: https://dnsviz.net/d/gkb.ch/ZDeung/dnssec/ as that will show you what is off: ``` • gkb.ch zone: The server(s) were not responsive to queries over UDP. (2001:67c:2350:11::bad:babe) •

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Benoît Panizzon via swinog
Hey > To the partners at least, in October 2022 informing them that > anything containing digest-type 1 and/or key algorithm 5 or 7 are > no longer supported and will be deleted. This was done last week and > digest-type 2 and key algorithm should be used. Since end of January > 2023 you could

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Benoît Panizzon via swinog
Some update It looks like Gandi at least messed up their Registrar UI. From their point of view, my 'algo 5' .ch domains have still DNSSEC active but deleting DS or disabling DNSSEC hangs forever and upon reloading my old algo 5 keys are back. I guess they perform some API calls to Switch and

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Marcus J via swinog
G'day Franco, To the partners at least, in October 2022 informing them that anything containing digest-type 1 and/or key algorithm 5 or 7 are no longer supported and will be deleted. This was done last week and digest-type 2 and key algorithm should be used. Since end of January 2023 you

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread John Howard via swinog
Not sure if/how it relates to this situation, but it’s notable that the DNSSEC key signing ceremony was a couple of days ago? https://www.iana.org/dnssec/ceremonies/49 I don’t see any deprecations but maybe someone needs an update somewhere? BR John

[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Daniel Stirnimann via swinog
I wasn't a part of this procedure so I cannot answer anything related to that. I can, however, respond to questions for which we make information available online. If you want specific information about the procedure I suggest you ask your registrar or you can contact SWITCH at

[swinog] DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Franco Hug via swinog
Hey SWINOGgers, I noticed that DNSSEC was somehow auto-disabled at registry level for some .ch domains I am responsible for. For these domains, no DS records are published anymore in the .ch zone, dnsviz shows a broken chain of trust. However, registrar data still shows that DNSSEC is enabled,