Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

.biz DNSSEC DNSKEY is Invalid

Published: 2013-06-22
Last Updated: 2013-06-23 19:17:23 UTC
by Guy Bruneau (Version: 2)
0 comment(s)

We have received indication that the domain .biz DNSSEC DNSKEY is "bogus" and failing DNSSEC validation. Resolving isc.biz with VeriSign Labs indicates "None of the 5 DNSKEY records could be validated by any of the 2 DS records" and "The DNSKEY RRset was not signed by any keys in the chain-of-trust".

When we receive additional information, we will update the diary.

Update: NANOG recommended a resolver flush and reported it was clearing up. There are no reports as to why this happened.

[1] http://dnssec-debugger.verisignlabs.com/isc.biz

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: biz DNSKEY DNSSEC
0 comment(s)
Diary Archives