On a similar issue, why aren’t the root servers all implementing DNS COOKIES as
it provides clients protection from spoofed referrals?
--
Mark Andrews
> On 21 Jul 2023, at 03:16, David Conrad wrote:
>
> Hi,
>
>> On Jul 20, 2023, at 7:29 AM, Viktor Dukhovni wrote:
>> Finally, for the RSAC
Hi,
On Jul 20, 2023, at 7:29 AM, Viktor Dukhovni wrote:
> Finally, for the RSAC (yes not the right forum to formally lodge the
> question), should the root zone DS TTL still be 1 day? Would a change
> to one hour be acceptable (aligning with it with the practice of many
> TLDs and aiding in
On Thu, Jul 20, 2023 at 07:25:17AM -0400, Hugo Salgado wrote:
> They are aware and working on this. Thanks!
The final working state is still somewhat suboptimal:
- The KSKs are 4096 bit RSA. This is pointless, the DS RRset from
the root is signed with a 2048-bit RSA key. The additional bits
On Thu, Jul 20, 2023 at 07:25:17AM -0400,
Hugo Salgado wrote
a message of 148 lines which said:
> They are aware and working on this. Thanks!
It works now.
$ dig NS ve
; <<>> DiG 9.18.14 <<>> NS ve
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
They are aware and working on this. Thanks!
Hugo
On July 20, 2023 3:40:06 AM GMT-04:00, Stephane Bortzmeyer
wrote:
>On Thu, Jul 20, 2023 at 09:37:10AM +0200,
> Stephane Bortzmeyer wrote
> a message of 6 lines which said:
>
>> https://dnsviz.net/d/ve/ZLjinw/dnssec/
>>
>> The DS goes to a
] [DNSSEC] Venezuela ccTLD broken
Date: Thu, 20 Jul 2023 09:37:10 +0200
> https://dnsviz.net/d/ve/ZLjinw/dnssec/
>
> The DS goes to a key which does not sign (and there is no DS for the
> key which is actually signing.)
>
>
> ___
>
On Thu, Jul 20, 2023 at 09:37:10AM +0200,
Stephane Bortzmeyer wrote
a message of 6 lines which said:
> https://dnsviz.net/d/ve/ZLjinw/dnssec/
>
> The DS goes to a key which does not sign (and there is no DS for the
> key which is actually signing.)
Any contact not in .ve to tell them? My
https://dnsviz.net/d/ve/ZLjinw/dnssec/
The DS goes to a key which does not sign (and there is no DS for the
key which is actually signing.)
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net