[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: DNSSEC Issue Resolving .gov.au subdomains



Thanks for your report.

This issue is being handled at our public issue tracker:  https://issuetracker.google.com/issues/130107674.

We are rolling out a workaround that will disable DNSSEC validation for these as yet insecurely delegated domains:
  • act.gov.au
  • nsw.gov.au
  • nt.gov.au
  • qld.gov.au
  • sa.gov.au
  • tas.gov.au
  • vic.gov.au
  • wa.gov.au
When this is effective worldwide (expected by 2019-04-09 23:00 UTC), it will prevent the problems seen on Sunday for delegated subdomains of those domains when DNSSEC signing is enabled for the domains (but they are not themselves securely delegated by DS records in the gov.au zone).

We are also working on a fix to the bug in our DNSSEC validator that would incorrectly return validation failures for delegations like these in general.

We will provide further updates in the issue tracker only.

  

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/c721a743-e7bb-4f57-afdd-31783c024823%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.