Re: [dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13

2024-05-23 Thread Christian Elmerot
We are continuing the DNSSEC algorithm transition of the .GOV TLD to algorithm 13 as the delays seen on C-root servers looks to have been fully fixed and been looking stable Expect DS records for algorithm 13 to be published shortly Christian Elmerot Cloudflare Authoritative DNS On 2024-05

Re: [dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13

2024-05-22 Thread Christian Elmerot
On 2024-05-22 10:01, Stephane Bortzmeyer wrote: On Wed, May 22, 2024 at 09:23:12AM +0200, Christian Elmerot wrote ... We are putting the transition on hold for the moment until all the root servers are publishing the same version of the root zone Note that .INT's new DS with ECDS

Re: [dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13

2024-05-22 Thread Christian Elmerot
sign the zone. Update to add the new algorithm 13 DS records to the root had been submitted to IANA but are not yet published. We are putting the transition on hold for the moment until all the root servers are publishing the same version of the root zone On 2024-05-13 21:19, Christian Elmerot

[dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13

2024-05-13 Thread Christian Elmerot
urage you to reach out to us with any questions or reports of unexpected behavior related to the transition. Christian Elmerot, Cloudflare ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinf

Re: [dns-operations] DNS .com/.net resolution problems in the Asia/Pacific region

2023-07-12 Thread Christian Elmerot
On 2023-07-12 05:50, Viktor Dukhovni wrote: On Tue, Jul 11, 2023 at 10:51:47PM -0400, Viktor Dukhovni wrote: In .COM CZDS zone file snapshot of .COM from ~midnight UTC 2023-07-11 the range of non-apex RRSIG inception times was: 20230707025004 – 20230710225021 With corresponding expirat

Re: [dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

2020-05-28 Thread Christian Elmerot
\.huachuca\.netcom\.mesg\.epdns-global.mail.mil. 2007170737 900 90 2419200 300 which breaks denial-of-existence for this zone for any downstream validators, ... I'm not quite sure I'd expect validators to handle the erroneous TLSA payload proper if they can't deal with that mai

Re: [dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

2020-05-27 Thread Christian Elmerot
is likely due to an older version of our API not performing the correct validations for TLSA records and it is unfortunate the zone owners never checked the output. Christian Elmerot, Cloudflare ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

2020-04-20 Thread Christian Elmerot
As for the "oddball mix" of types, well that's our NSEC black-lies in action (as Vladimir pointed out) Christian Elmerot, Cloudflare ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations