Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

.biz DNSSEC DNSKEY is Invalid

Published: 2013-06-22
Last Updated: 2013-06-23 19:17:23 UTC
by Guy Bruneau (Version: 2)
0 comment(s)

We have received indication that the domain .biz DNSSEC DNSKEY is "bogus" and failing DNSSEC validation. Resolving with VeriSign Labs indicates "None of the 5 DNSKEY records could be validated by any of the 2 DS records" and "The DNSKEY RRset was not signed by any keys in the chain-of-trust".

When we receive additional information, we will update the diary.

Update: NANOG recommended a resolver flush and reported it was clearing up. There are no reports as to why this happened.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: biz DNSKEY DNSSEC
0 comment(s)
Diary Archives