.lixil TLD DNSSEC Outage: 20160107

Updated: January 7, 2016


This page gives some details on the .lixil TLD DNSSEC outage on January 7, 2016.

This was part of a mass TLD DNSSEC outage affecting 10 TLDs, including .toyota, .bridgestone, .epson, .honda, .hyundai, .kia, .komatsu, .lixil, .nec, .ricoh, and .rio. These TLDs all use the same DNS provider:

# Resolve each TLD's NS names to addresses, then count how often each address appears.
for tld in bridgestone epson honda hyundai kia komatsu lixil nec ricoh toyota; do
        dig +short $(dig +short ns "$tld.")
done | sort | uniq -c | sort -rn


That provider most likely had issues which explain the outages. In 8 of 10 TLDs, the outage cause was "no keys have a DS with algorithm RSASHA256." In the case of .ricoh and .toyota, the cause was "signatures from unknown keys."
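
The two messages quoted above point at different broken links in the chain of trust: the parent's DS set versus the zone's DNSKEY set, and the RRSIG signer versus the DNSKEY set. The following Python sketch is an added example, not code from the original page or from any validator; it is a simplified model that matches DS records to DNSKEYs (RFC 4034 key tag, SHA-256 digest) and checks RRSIG signer key tags without verifying signatures, and the key material and the `diagnose` helper are constructed for illustration.

```python
import hashlib
import struct

ALG_NAMES = {8: "RSASHA256"}  # only the algorithm named on this page

def rdata(key):
    """DNSKEY RDATA wire form: flags, protocol, algorithm, public key."""
    flags, proto, alg, pub = key
    return struct.pack("!HBB", flags, proto, alg) + pub

def key_tag(key):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata(key)))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, key):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for a DNSKEY."""
    labels = [l for l in owner.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"
    return (key_tag(key), key[2], 2, hashlib.sha256(wire + rdata(key)).hexdigest())

def diagnose(owner, ds_set, dnskeys, rrsig_signers):
    """Simplified model: name the first broken link between DS, DNSKEY and RRSIG."""
    published = {(key_tag(k), k[2]) for k in dnskeys}
    anchored = {make_ds(owner, k) for k in dnskeys}  # DS each published key would produce
    for alg in sorted({ds[1] for ds in ds_set}):
        # Every algorithm signalled in the DS set needs one DS that matches a published key.
        if not any(ds in anchored for ds in ds_set if ds[1] == alg):
            return f"no keys have a DS with algorithm {ALG_NAMES.get(alg, alg)}"
    if not any(signer in published for signer in rrsig_signers):
        return "signatures from unknown keys"
    return "secure"

# Constructed key material (not real .lixil keys): (flags, protocol, algorithm, public key)
KSK = (257, 3, 8, bytes(range(64)))
ZSK = (256, 3, 8, bytes(range(64, 128)))
NEW_KSK = (257, 3, 8, b"\xaa" * 64)
PARENT_DS = [make_ds("lixil.", KSK)]  # what the parent zone still publishes

def scenarios():
    signer = lambda k: (key_tag(k), k[2])  # (key tag, algorithm) as carried in an RRSIG
    return {
        "healthy": diagnose("lixil.", PARENT_DS, [KSK, ZSK], [signer(KSK)]),
        "ds_mismatch": diagnose("lixil.", PARENT_DS, [NEW_KSK, ZSK], [signer(NEW_KSK)]),
        "unknown_signer": diagnose("lixil.", PARENT_DS, [KSK, ZSK], [signer(NEW_KSK)]),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```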

Timeline / DNSViz

Logfile examples