On Mon, Jul 24, 2023 at 09:13:30AM +0000, Manal Ismail wrote:
> We are in the middle of updating the records .. The update is
> currently pending one approval .. Once done, today, all problems will
> hopefully be fixed ..
Congratulations, looks much better now:
https://dnsviz.net/d/xn--wgbh1c/ZMG2OA/dnssec/
The only minor nit is that in addition to a SHA256 key hash DS RR your
DS RRset also includes a SHA-1 key hash DS RR.
$ dig +noidnout +noall +ans +nottl +nosplit -t ds xn--wgbh1c
xn--wgbh1c. IN DS 65350 13 2
5ECE34228C4114FC455E07F4BB4B3DF8B501D874C4A4070ACBB378F41F17A0E5
xn--wgbh1c. IN DS 65350 13 1 746DD718F1BDAE3B4F2578767C4B47A039501641
Though additional SHA-1 DS records do not break anything, they also are
deprecated, no longer needed, and are best not published. At your
convenience, I'd like to recommend pruning the DS RRset to just:
xn--wgbh1c. IN DS 65350 13 2
5ECE34228C4114FC455E07F4BB4B3DF8B501D874C4A4070ACBB378F41F17A0E5
--
Viktor.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
