.NZ DNSSEC problem

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › IT Pro and developers › .NZ DNSSEC problem

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#201496 21-Aug-2016 13:07

Yesterday I reported an issue to my registrar about DNSSEC records not deleting (I did a key rollover) and also being deleted when Whois information is updated. The response this morning was they have identified an issue at the registry and are working through it with NZRS. I don't have any more details but for obvious reasons I recommend anyone using DNSSEC to check the updates in the Whois until this has been solved, lest your domain become unavailable.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41037

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1615081 21-Aug-2016 13:10

If I understand correctly this would affect all NZ registrars since it's a NZRS problem?

Also, does it affect the domain only if you make specific changes (e.g,. contact) or any change (such as renewal)? Is there a pattern?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#1615082 21-Aug-2016 13:14

freitasm:

If I understand correctly this would affect all NZ registrars since it's a NZRS problem?

Also, does it affect the domain only if you make specific changes (e.g,. contact) or any change (such as renewal)? Is there a pattern?

1. I assume so. I was advised there is an issue at the registry. That's all I know.

2. It manifests in 2 ways: a. DNSSEC DS records can be added but not removed. b. Updating Whois contact information results in the existing DS records being removed.

I have no idea if the symptoms are specific to the registrar involved... or whatever... all I know is there is a problem and I advise people using DNSSEC to avoid updates or at minimum to confirm them until this matter is resolved and/or we have further information.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1615083 21-Aug-2016 13:22

I've pinged @metaname for a quick comment if there was a problem with NZRS. This could be quite bad for people (like me) who run DNSSEC on multiple domains.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#1615084 21-Aug-2016 13:24

michaelmurfy:

I've pinged @metaname for a quick comment if there was a problem with NZRS. This could be quite bad for people (like me) who run DNSSEC on multiple domains.

I don't think it's a biggie as long as people don't change anything until it's fixed and/or we know what is happening.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41037

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1615087 21-Aug-2016 13:31

I have DNSSEC in all my .NZ domains with Metaname and have DNSSEC on any domain I can with GoDaddy. I don't change stuff on the domains but I worry about renewals pretty much.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1615107 21-Aug-2016 14:24

Just had a response from Metaname saying there is no current issues with the NZRS:

we've never seen an issue like this, the last time that any changes were rolled to the NZSRS was in January and that the same request of the registry API is used to manage both contact details ("Whois information") and to publish or take-down DS records.

Edit: Just noted if this is a new issue they likely have not seen it. I've been unable to replicate the issue on Metaname with one of my domains.

HP

Shop now for HP laptops and other devices (affiliate link).

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#1615109 21-Aug-2016 14:31

we've never seen an
issue like this, the last time that any changes were rolled to the
NZSRS was in January and that the same request of the
registry API is used to manage both contact details ("Whois
information") and to publish or take-down DS records.

One thing I know in this industry is never assume things work the way you want them to and/or how they should. An official response from NZRS would be preferable but statements saying "we haven't seen this before [implied - so it can't happen]" don't add much.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41037

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1615111 21-Aug-2016 14:33

Saw this yesterday and it's all true:

This didn't work as expected.

This didn't work, as expected.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

News and reviews »

New ECOVACS DEEBOT T80S OMNI Available Now
Posted 9-Apr-2026 11:11

Ring Brings 4K Video to Battery-Powered Doorbells
Posted 9-Apr-2026 11:01

Synology Announces a New Privacy-First Home Monitoring Experience for BeeStation Plus
Posted 9-Apr-2026 10:02

GIGABYTE X870E AERO X3D DARK WOOD Redefines the Motherboard
Posted 7-Apr-2026 14:06

Datacom Acquires Auckland Data Centre from T4
Posted 2-Apr-2026 09:43

Spark Launches Satellite Service with SMS and data options
Posted 2-Apr-2026 09:16

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Support Geekzone »

You can support Geekzone with a one-off or recurring donation via PressPatron.

RSS feeds: Main feed; Forums feed

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright