DNSSEC Outage: 2021-04-17 to 2021-04-18

Date: April 17, 2021


This page gives some details on the DNSSEC outage from April 17 to April 18, 2021. This DNSSEC outage lasted a day and a half. Haha!

Timeline / DNSViz

Here is a mirror which shows the outage in DNSViz, courtesy of

DNSSEC Debugger

Unlike DNSViz, Verisign's DNSSEC Debugger doesn't archive results, so here's a screenshot of my web browser's output from April 18, 2021:

April 18, 2021 DNSSEC outage

Zonemaster saw this outage. See the historical view courtesy of Here's a screenshot:

April 18, 2021 DNSSEC outage, seen from


This DNSSEC outage was discussed on Twitter. Kenn White wrote: "Gift that keeps on giving: the network team at Parler didn't implement DNSSEC properly, and have effectively DOS'd themselves." ( copy)

And Barry Dorrans wrote: "Dnssec proves its worth" ( copy)

Please note that Jason Livingood's tweet contains some common DNSSEC misinformation: "...whoever manages Parler's DNS let their encryption key expire..." ( copy) In pro-DNSSEC circles it's extremely common to make the false claim or implication that DNSSEC is encrypted. DNSSEC is not encrypted! DNSSEC signs resource records. It doesn't encrypt them. So Parler's "encryption key" doesn't exist. Parler's DNSSEC signing key expired.