usfj.mil DNSSEC Outage: 2016-04-08 to 2016-04-09

Updated: April 11, 2016

Overview

This page gives some details on the usfj.mil DNSSEC outage on April 9, 2016. It was the 12th DNSSEC outage of the year for usfj.mil.

Note: usfj.mil had just had DNSSEC outages from April 7 to April 8, and a separate one also on April 8. It was fixed for a while before this outage began. After a short period of uptime, the old, expired DNSKEY RRSIG from that outage was re-deployed, causing a new distinct DNSSEC outage. Crazy but true.

Timeline / DNSViz

• (2016-04-07 21:48:24 UTC) — RRSIGs expire. This old DNSKEY was put back into service, causing the outage
• 2016-04-09 12:17:45 UTC — first personally observed DNSSEC failure
• 2016-04-09 14:45:56 UTC — expired RRSIGs
• 2016-04-09 22:22:44 UTC — last personally observed DNSSEC failure
• 2016-04-09 22:45:47 UTC — some expired RRSIGs, but most "important" queries succeed