This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] post-mortem for ripe.net DNSSEC problem on 1 November 2023
- Previous message (by thread): [dns-wg] post-mortem for ripe.net DNSSEC problem on 1 November 2023
- Next message (by thread): [dns-wg] DNS-WG at RIPE 87: Call for presentations
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Janos Zsako
zsako at nic.hu
Sun Nov 5 15:13:14 CET 2023
Dear Paul, > Please find below the post mortem for the DNSSEC problem that caused > most of RIPE NCC's services to become unavailable yesterday. Thank you very much for the detailed post-mortem. > Please reach out if you have any questions or feedback. I would like to comment on a single item, see below. > New or changed records were still properly signed (363 of > them), which meant that our monitoring, which checks the signature > validity of the SOA record at the zone apex, missed this issue. It may be a good idea to check for the lowest timestamp of signature validity (of the RRSIG records) in the zone. We monitor this for .hu from the beginning (i.e. since we started signing the zone with DNSSEC). Best regards, Janos
- Previous message (by thread): [dns-wg] post-mortem for ripe.net DNSSEC problem on 1 November 2023
- Next message (by thread): [dns-wg] DNS-WG at RIPE 87: Call for presentations
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]