This isn’t key renewal. This is signature regeneration. net.au. 900 IN DS 40165 8 2 E1EF24B9E822E574D996E6B03F438B78E5F5914E47D0C0151A21B114 CEE45A26 net.au. 900 IN RRSIG DS 8 2 900 20231030004937 20230917231937 62233 au. L446gkKJ2PaxX+6QbcfDJMmV7a9Ho2E9wDctqtixeX90O0fGxOtENcyM 28nmJPhGN+RYY1Kycx3NsM6x+zEqVX6X1SOxLBfon6IBxtqg8bRafMQm DZcdo82c6wQAacBUsutqPuY+foTF7ygn1tbPees6rPJE8N9hRqhJC0QE DpCkWmA6bdSprjivnYJTAYiT3+/7UKRmxiu386qPNICeSP4jc2YdkH7A VPeZapqnhY72cLGcfmgZWT6apveljm2gwrYoq1dTh5vvc/r+jTJVHgSn zU7pYU/BJlHIFC4lwaGpNB/j/oKngL6or1zfnB3rjFeBx2R9kfzwWl2R dGvdkg==
With signature lifetimes of ~45 days and a zone expiry value of 4 weeks this should have been caught at least 4 weeks ago if good operation practice was being applied. Mark > On 18 Sep 2023, at 11:04, Two Fat Monkeys - Dirk Bermingham > <[email protected]> wrote: > > Isn’t PKI fun? I’d not like to be the person in charge of key renewal today… > From: AusNOG <[email protected]> On Behalf Of Nathan Brookfield > Sent: Monday, September 18, 2023 10:58 AM > To: Andrew Radke <[email protected]>; Luke Thompson <[email protected]> > Cc: [email protected] > Subject: Re: [AusNOG] AU DNS - Something happening? > Appears that the RRSIG expired at 00:05:29 UTC > Nathan Brookfield | VK2NAB > General Manager > > p: 1300 592 330 | m: 0412 266 008 > e: [email protected] | w: iperium.com.au > > Suite 4.02, 189 Kent Street Sydney NSW 2000<image001.png> > > Your Telco Team > DISCLAIMER: This document is intended solely for the named addressee. This > electronic communication, which includes any files or attachments thereto, > contains proprietary or confidential information and may be privileged and > otherwise protected under copyright or other applicable intellectual property > laws. The use, disclosure, copying or distribution of any of the information > contained in this document, by any person other than the addressee, is > strictly prohibited. If you received this document in error, please contact > the sender immediately and delete all the material from any computer. > Confidentiality and legal privilege are not waived or lost by reason of > mistaken delivery to you. Any views or opinions presented are solely those of > the author and do not necessarily represent those of Iperium. > > WARNING: Computer viruses can be transmitted via email. The recipient should > check this email and any attachments for the presence of viruses. Iperium > accepts no liability for any damage caused by any virus transmitted by this > email. > From: AusNOG <[email protected]> On Behalf Of Andrew Radke > Sent: Monday, September 18, 2023 10:56 AM > To: Luke Thompson <[email protected]> > Cc: [email protected] > Subject: Re: [AusNOG] AU DNS - Something happening? > Yeah, we are seeing dnssec failing on some of our resolvers but not others. > Haven’t dug as to why but disabling it until sorted. > Regards, > Andrew Radke > Open Spaces Internet Pty Ltd > Ph: 0412 798 593 > Web: osi.com.au > On 18 Sep 2023, at 10:26 am, Luke Thompson <[email protected]> wrote: > Ah hah, DNSSEC makes sense. Curious to see how long goes by until everything > clears. > > On 18/9/2023 10:23 am, Ted Cooper wrote: > The DNS signatures just expired. Everything just went boom. > > RRSIG net.au/DS alg 8, id 62233: The Signature Expiration field of the RRSIG > RR (2023-09-18 00:05:29+00:00) is 15 minutes in the past. > > https://dnsviz.net/d/abc.net.au/ZQeX9w/dnssec/ > > > On 18/9/23 10:20, Luke Thompson wrote: > We've got many internal/external monitoring alerts going off. Common factor > seems to be AU DNS. > > Is anyone else seeing alerts tripped? Emails are flowing & I can query OK > (Starlink), yet hosts remain "down". > > 15 minutes since the first alert came through. WhatsMyDNS for "down" hosts is > showing about a 50% query hit rate. > > Cheers, > Luke > > _______________________________________________ > AusNOG mailing list > [email protected] > https://lists.ausnog.net/mailman/listinfo/ausnog > _______________________________________________ > AusNOG mailing list > [email protected] > https://lists.ausnog.net/mailman/listinfo/ausnog > _______________________________________________ > AusNOG mailing list > [email protected] > https://lists.ausnog.net/mailman/listinfo/ausnog > _______________________________________________ > AusNOG mailing list > [email protected] > https://lists.ausnog.net/mailman/listinfo/ausnog -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ AusNOG mailing list [email protected] https://lists.ausnog.net/mailman/listinfo/ausnog
