confirmed None of the 5 DNSKEY records could be validated by any of the 2 DS records The DNSKEY RRset was not signed by any keys in the chain-of-trust biz has SOA record a.gtld.biz. hostmaster.neustar.biz. 12161960 900 900 604800 86400 (BOGUS (security failure)) validation failure <biz. SOA IN>: no keys have a DS from 156.154.127.65 for key BIZ. while building chain of trust tcp: biz has SOA record a.gtld.biz. hostmaster.neustar.biz. 12161960 900 900 604800 86400 (BOGUS (security failure)) validation failure <biz. SOA IN>: no keys have a DS from 156.154.127.65 for key BIZ. while building chain of trust On Sat, Jun 22, 2013 at 1:45 PM, Andre Tomt <andre-nanog@tomt.net> wrote:
Seems the entire .biz tld is failing DNSSEC validation now. All of my DNSSEC validating resolvers are tossing all domains in .biz.
The non-signed domains too of course because trust of the tld itself cannot be established.