Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsIT Pro and developers.NZ DNSSEC problem


Linux Systems Admin
940 posts

Ultimate Geek
+1 received by user: 157

Trusted
Integrity Tech Solutions
Subscriber

Topic # 201496 21-Aug-2016 13:07
Send private message

Yesterday I reported an issue to my registrar about DNSSEC records not deleting (I did a key rollover) and also being deleted when Whois information is updated. The response this morning was they have identified an issue at the registry and are working through it with NZRS. I don't have any more details but for obvious reasons I recommend anyone using DNSSEC to check the updates in the Whois until this has been solved, lest your domain become unavailable.

Create new topic
BDFL - Memuneh
61503 posts

Uber Geek
+1 received by user: 12218

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1615081 21-Aug-2016 13:10
Send private message

If I understand correctly this would affect all NZ registrars since it's a NZRS problem?

 

Also, does it affect the domain only if you make specific changes (e.g,. contact) or any change (such as renewal)? Is there a pattern?




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure  | Business Transformation | Enterprise Content Management | Customer Relationship Management

 

 



Linux Systems Admin
940 posts

Ultimate Geek
+1 received by user: 157

Trusted
Integrity Tech Solutions
Subscriber

  Reply # 1615082 21-Aug-2016 13:14
Send private message

freitasm:

 

If I understand correctly this would affect all NZ registrars since it's a NZRS problem?

 

Also, does it affect the domain only if you make specific changes (e.g,. contact) or any change (such as renewal)? Is there a pattern?

 

 

 

 

1. I assume so. I was advised there is an issue at the registry. That's all I know.

 

2. It manifests in 2 ways: a. DNSSEC DS records can be added but not removed. b. Updating Whois contact information results in the existing DS records being removed.

 

I have no idea if the symptoms are specific to the registrar involved... or whatever... all I know is there is a problem and I advise people using DNSSEC to avoid updates or at minimum to confirm them until this matter is resolved and/or we have further information.

Meow
8018 posts

Uber Geek
+1 received by user: 4006

Moderator
Trusted
Lifetime subscriber

  Reply # 1615083 21-Aug-2016 13:22
Send private message

I've pinged @metaname for a quick comment if there was a problem with NZRS. This could be quite bad for people (like me) who run DNSSEC on multiple domains.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial



Linux Systems Admin
940 posts

Ultimate Geek
+1 received by user: 157

Trusted
Integrity Tech Solutions
Subscriber

  Reply # 1615084 21-Aug-2016 13:24
Send private message

michaelmurfy:

 

I've pinged @metaname for a quick comment if there was a problem with NZRS. This could be quite bad for people (like me) who run DNSSEC on multiple domains.

 

 

I don't think it's a biggie as long as people don't change anything until it's fixed and/or we know what is happening.

BDFL - Memuneh
61503 posts

Uber Geek
+1 received by user: 12218

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1615087 21-Aug-2016 13:31
Send private message

I have DNSSEC in all my .NZ domains with Metaname and have DNSSEC on any domain I can with GoDaddy. I don't change stuff on the domains but I worry about renewals pretty much.




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure  | Business Transformation | Enterprise Content Management | Customer Relationship Management

 

 

Meow
8018 posts

Uber Geek
+1 received by user: 4006

Moderator
Trusted
Lifetime subscriber

  Reply # 1615107 21-Aug-2016 14:24
Send private message

Just had a response from Metaname saying there is no current issues with the NZRS:

we've never seen an issue like this, the last time that any changes were rolled to the NZSRS was in January and that the same request of the registry API is used to manage both contact details ("Whois information") and to publish or take-down DS records.


Edit: Just noted if this is a new issue they likely have not seen it. I've been unable to replicate the issue on Metaname with one of my domains.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial



Linux Systems Admin
940 posts

Ultimate Geek
+1 received by user: 157

Trusted
Integrity Tech Solutions
Subscriber

  Reply # 1615109 21-Aug-2016 14:31
Send private message

we've never seen an
issue like this, the last time that any changes were rolled to the
NZSRS was in January and that the same request of the
registry API is used to manage both contact details ("Whois
information") and to publish or take-down DS records.


 

One thing I know in this industry is never assume things work the way you want them to and/or how they should. An official response from NZRS would be preferable but statements saying "we haven't seen this before [implied - so it can't happen]" don't add much.

BDFL - Memuneh
61503 posts

Uber Geek
+1 received by user: 12218

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1615111 21-Aug-2016 14:33
One person supports this post
Send private message

Saw this yesterday and it's all true:

 

 

This didn't work as expected.

 

This didn't work, as expected.

 




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure  | Business Transformation | Enterprise Content Management | Customer Relationship Management

 

 

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.