Shumon,

On Mar 10, 2015, at 4:35 PM, Shumon Huque <[email protected]> wrote:

> I did a quick check of a passive DNS database, and I see evidence of a DNSKEY record, seen only once, and at one point in time ()
>
> count 1
> first seen 2014-09-25 02:51:55 -0000
> last seen 2014-09-25 02:51:55 -0000

Fascinating… so potentially only in DNS for whatever the interval is for checks by whatever passive DNS database this is.

> Was this a temporary test? Or was it installed for a while, but the zone was dormant (not queried) for DNSKEY records.

It could have been a temporary test… although it seems odd to upload a DS record for a temporary test. I’ve signed all sorts of zones…. but only uploaded DS records for ones where I knew the signing would stay around.

> The DS seems to have been there for much longer:
>
> first seen in zone file 2014-09-23 16:14:19 -0000
> last seen in zone file 2015-03-09 16:25:34 -0000

Interesting confirmation of when the DS record was removed. What I find curious is that the DS record appeared on 2014-09-23, two days before the DNSKEY record appeared in the database on 2014-09-25. In my own experience it’s usually been the opposite.

> I'll stop speculating now, and wait for info from definitive sources ..

Thanks for the information. It is useful.

Dan

--
Dan York
Senior Content Strategist, Internet Society
[email protected]
+1-802-735-1624
Jabber: [email protected]
Skype: danyork
http://twitter.com/danyork
http://www.internetsociety.org/deploy360/
