DNSSEC Outage: 2017-10-24

Date: October 24, 2017


This page gives some details on the DNSSEC outage on October 24, 2017.

Timeline / DNSViz

DNSSEC Debugger

Unlike DNSViz, Verisign's DNSSEC Debugger doesn't archive results, so here's a screenshot of my web browser's output from October 24, 2017:

October 24, 2017 DNSSEC outage



drill trace

Since DNSSEC contains so much garbage, I put the complete drill trace into its own file with the relevant portion below (emphasis added):

;; Domain:
;; Signature ok but no chain to a trusted key or ds record
[S] 3600 IN DNSKEY 256 3 8 ;{id = 31984 (zsk), size = 1024b} 3600 IN DNSKEY 257 3 8 ;{id = 27581 (ksk), size = 2048b}
[S] Existence denied: A
;;[S] self sig OK; [B] bogus; [T] trusted

Logfile examples