> On 3 Nov 2023, at 02:18, Viktor Dukhovni wrote:
>
> On Thu, Nov 02, 2023 at 09:34:17AM +0100, Stephane Bortzmeyer wrote:
>
>>> Specifically, in the case of signed zones, monitoring MUST also include
>>> regular checks of the remaining expiration time of at least the core
>>> zone apex
On Thu, Nov 02, 2023 at 09:34:17AM +0100, Stephane Bortzmeyer wrote:
> > Specifically, in the case of signed zones, monitoring MUST also include
> > regular checks of the remaining expiration time of at least the core
> > zone apex records (DNSKEY, SOA and NS), and ideally the whole zone, both
>
Dear colleagues,
Please find below the post mortem for the DNSSEC problem that caused
most of RIPE NCC's services to become unavailable yesterday.
Please reach out if you have any questions or feedback.
Thanks,
Paul de Weerd
Manager Global Information Infrastructure team
RIPE NCC
Summary
A domain crawler (nothing catastrophic, just for information).
--- Begin Message ---
i have blocked a zone enumerator, though i guess they will be a
whack-a-mole
others have reported them as well
/home/randy> sudo tcpdump -pni vtnet0 -c 10 port 53 and net 193.235.141
tcpdump: verbose output
On Wed, Nov 01, 2023 at 12:18:42PM -0400,
Viktor Dukhovni wrote
a message of 67 lines which said:
> Specifically, in the case of signed zones, monitoring MUST also include
> regular checks of the remaining expiration time of at least the core
> zone apex records (DNSKEY, SOA and NS), and