On Tue, Mar 08, 2022 at 10:23:21AM +0100, Stephane Bortzmeyer wrote: > Entire TLD down since the DS goes to an unexisting key > <https://dnsviz.net/d/fj/YicaMA/dnssec/>. > > % dig @a.root-servers.net fj ds > fj. 86400 IN DS 18952 8 2 ( > B22F5938AD822A76499A3AC295E061CC07FCE36D7956 E26A4F51AEDE1717F993 )
This had been in place unchanged since at least 2021-03-12, when the TLD was first signed. (There's a new DS RR matching the KSK now). > % dig @144.120.146.1 fj dnskey > fj. 3600 IN DNSKEY 256 3 8 ( ... ) ; ZSK; alg = RSASHA256 ; > key id = 24459 > fj. 3600 IN DNSKEY 257 3 8 ( ... ) ; KSK; alg = RSASHA256 ; > key id = 12931 > fj. 3600 IN RRSIG DNSKEY 8 1 3600 ( 20220321164811 > 20220307230005 12931 fj. ... ) There had also been two ZSK rollovers since the TLD was signed, on 2021-09-03 and 2022-03-03, but this was the first KSK rollover. Apparently, without overlap with the previous KSK, and only a subsequent parent DS update. :-( There is now a new DS RR matching the KSK and also a fresh ZSK. IANA lists: Technical Contact Manager Systems & Networks The University of the South Pacific IT Services Suva Fiji Email: dom...@usp.ac.fj Voice: +679 323 2117 Is anyone in a position to reach out and help them avoid future issues? -- Viktor. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations