[prev in list] [next in list] [prev in thread] [next in thread]
List: dns-operations
Subject: Re: [dns-operations] Missing DS change within a rollover on a few .GOV domains?
From: Mauricio Vergara Ereche <mave () cero32 ! cl>
Date: 2015-09-25 23:54:49
Message-ID: CAAk_VVgZ-RpF_BzWsuNaaHEZVdm38CLuvTJQJyGOCKCr5Ee-8g () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks Mark,
I already sent an email there, but i was wondering if there was someone
else closer over here.
Anyway, since i sent the email seems like they changed the DS records for
both zones.
Although I must be honest that I don't know if there still are other
domains on the same issue as this one.
Kind regards,
Mauricio
On Fri, Sep 25, 2015 at 4:46 PM, Mark Andrews <marka@isc.org> wrote:
>
> Whois is you friend though the whois for .gov itself is a joke.
>
> % DOTGOV WHOIS Server ready
> Domain Name: DOTGOV.GOV
> Status: ACTIVE
>
> >>> Last update of whois database: 2015-09-25T23:37:39Z <<<
> Please be advised that this whois server only contains information
> pertaining
> to the .GOV domain. For information for other domains please use the whois
> server at RS.INTERNIC.NET.
>
> IANA at least maintains good whois data.
>
> domain: GOV
>
> organisation: General Services Administration
> organisation: Attn: QTDC, 2E08 (.gov Domain Registration)
> address: 10304 Eaton Place
> address: Fairfax Virginia 22030
> address: United States
>
> contact: administrative
> name: Program Manager
> organisation: General Services Administration, Office of Governmentwide
> Policy
> address: One Constitution Square
> address: 1275 First Street,NE
> address: Washington, DC 20417
> address: United States
> phone: +1 202 501 0282
> e-mail: lee.ellis@gsa.gov
>
> contact: technical
> name: Registry Customer Service
> organisation: Verisign, Inc.
> address: 12061 Bluemont Way
> address: Reston Virginia 20190
> address: United States
> phone: +1 877 734 4688
> fax-no: +1 540 301 0160
> e-mail: registrar@dotgov.gov
>
> If there is a delegation problem with a .gov domain send it to the
> .gov administrators. They can then do the leg work to fix the
> problem. That said this looks like it has already been addressed.
>
> If gov or dotgov.gov is broken you will need to phone.
>
> In message <CAAk_VVgeNrpzhfyejTKdFOBw2VWe5_iPZCbt1ebSZEJrN=
> C+qQ@mail.gmail.com>
> , Mauricio Vergara Ereche writes:
> >
> > Hi there!
> >
> > It seems like some .gov domains have done a key rollover on these auth
> > servers:
> >
> > authns1.centurylink.net.
> > authns2.centurylink.net.
> > tpsns11.terrenap.net.
> > tpsns12.terrenap.net.
> > But they didn't change DS records before on the parent zone!
> >
> > There are at least 2 domains out there (state.gov as well as
> usembassy.gov)
> > that have different DS records on the parent which doesn't match with the
> > DNSKEYs
> >
> > ...and those TTLs on the zones itself are not helping very much :-(
>
> Most recursive servers will trim those to about a week.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
--
Mauricio Vergara Ereche
Los Angeles, CA
http://mave.cero32.cl
[Attachment #5 (text/html)]
<div dir="ltr"><div>Thanks Mark,</div>I already sent an email there, but i was \
wondering if there was someone else closer over here.<div><br></div><div>Anyway, \
since i sent the email seems like they changed the DS records for both \
zones.</div><div><br></div><div>Although I must be honest that I don't know if \
there still are other domains on the same issue as this \
one.</div><div><br></div><div>Kind regards,</div><div>Mauricio</div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 25, 2015 at 4:46 PM, \
Mark Andrews <span dir="ltr"><<a href="mailto:marka@isc.org" \
target="_blank">marka@isc.org</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><br> Whois is you friend though the whois for .gov itself is \
a joke.<br> <br>
% DOTGOV WHOIS Server ready<br>
Domain Name: <a href="http://DOTGOV.GOV" rel="noreferrer" \
target="_blank">DOTGOV.GOV</a><br> Status: ACTIVE<br>
<br>
>>> Last update of whois database: 2015-09-25T23:37:39Z <<<<br>
Please be advised that this whois server only contains information pertaining<br>
to the .GOV domain. For information for other domains please use the whois<br>
server at <a href="http://RS.INTERNIC.NET" rel="noreferrer" \
target="_blank">RS.INTERNIC.NET</a>.<br> <br>
IANA at least maintains good whois data.<br>
<br>
domain: GOV<br>
<br>
organisation: General Services Administration<br>
organisation: Attn: QTDC, 2E08 (.gov Domain Registration)<br>
address: 10304 Eaton Place<br>
address: Fairfax Virginia 22030<br>
address: United States<br>
<br>
contact: administrative<br>
name: Program Manager<br>
organisation: General Services Administration, Office of Governmentwide Policy<br>
address: One Constitution Square<br>
address: 1275 First Street,NE<br>
address: Washington, DC 20417<br>
address: United States<br>
phone: <a href="tel:%2B1%20202%20501%200282" value="+12025010282">+1 202 \
501 0282</a><br>
e-mail: <a href="mailto:lee.ellis@gsa.gov">lee.ellis@gsa.gov</a><br>
<br>
contact: technical<br>
name: Registry Customer Service<br>
organisation: Verisign, Inc.<br>
address: 12061 Bluemont Way<br>
address: Reston Virginia 20190<br>
address: United States<br>
phone: <a href="tel:%2B1%20877%20734%204688" value="+18777344688">+1 877 \
734 4688</a><br>
fax-no: <a href="tel:%2B1%20540%20301%200160" value="+15403010160">+1 540 \
301 0160</a><br>
e-mail: <a href="mailto:registrar@dotgov.gov">registrar@dotgov.gov</a><br>
<br>
If there is a delegation problem with a .gov domain send it to the<br>
.gov administrators. They can then do the leg work to fix the<br>
problem. That said this looks like it has already been addressed.<br>
<br>
If gov or <a href="http://dotgov.gov" rel="noreferrer" target="_blank">dotgov.gov</a> \
is broken you will need to phone.<br> <br>
In message <CAAk_VVgeNrpzhfyejTKdFOBw2VWe5_iPZCbt1ebSZEJrN=<a \
href="mailto:C%2BqQ@mail.gmail.com">C+qQ@mail.gmail.com</a>><br> <span class="">, \
Mauricio Vergara Ereche writes:<br> ><br>
> Hi there!<br>
><br>
> It seems like some .gov domains have done a key rollover on these auth<br>
> servers:<br>
><br>
> <a href="http://authns1.centurylink.net" rel="noreferrer" \
target="_blank">authns1.centurylink.net</a>.<br> > <a \
href="http://authns2.centurylink.net" rel="noreferrer" \
target="_blank">authns2.centurylink.net</a>.<br> > <a \
href="http://tpsns11.terrenap.net" rel="noreferrer" \
target="_blank">tpsns11.terrenap.net</a>.<br> > <a \
href="http://tpsns12.terrenap.net" rel="noreferrer" \
target="_blank">tpsns12.terrenap.net</a>.<br> > But they didn't change DS \
records before on the parent zone!<br> ><br>
> There are at least 2 domains out there (<a href="http://state.gov" \
rel="noreferrer" target="_blank">state.gov</a> as well as <a \
href="http://usembassy.gov" rel="noreferrer" target="_blank">usembassy.gov</a>)<br> \
> that have different DS records on the parent which doesn't match with \
the<br> > DNSKEYs<br>
><br>
> ...and those TTLs on the zones itself are not helping very much :-(<br>
<br>
</span>Most recursive servers will trim those to about a week.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Mark Andrews, ISC<br>
1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
PHONE: <a href="tel:%2B61%202%209871%204742" value="+61298714742">+61 2 9871 4742</a> \
INTERNET: <a href="mailto:marka@isc.org">marka@isc.org</a><br> \
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div \
class="gmail_signature"><div dir="ltr">Mauricio Vergara Ereche<br>Los Angeles, \
CA<br><a href="http://mave.cero32.cl" \
target="_blank">http://mave.cero32.cl</a></div></div> </div>
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic