Is it me or does energystar.gov no longer validate?
Havard Eidnes
he at uninett.no
Wed Jan 23 10:20:16 UTC 2019
> somebody complained that our resolvers could no longer resolve
> energystar.gov
>
> https://dnssec-analyzer.verisignlabs.com/energystar.gov
>
> It seems the reports of the crumbling security of the .gov domain as a
> side-effect of the shutdown aren't exaggerated:
>
> https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
>
> Or am I doing something wrong?
It's not just you; their DNSSEC signatures have expired:
bash-4.4$ dig energystar.gov. ns +norec
...
;; AUTHORITY SECTION:
energystar.gov. 86158 IN NS ns1.energystar.gov.
energystar.gov. 86158 IN NS ns2.energystar.gov.
;; ADDITIONAL SECTION:
ns1.energystar.gov. 86158 IN A 162.159.24.254
ns2.energystar.gov. 86158 IN A 162.159.25.236
ns1.energystar.gov. 86158 IN AAAA 2400:cb00:2049:1::a29f:18fe
ns2.energystar.gov. 86158 IN AAAA 2400:cb00:2049:1::a29f:19ec
...
bash-4.4$ dig @162.159.24.254 energystar.gov. ns +norec +dnssec
...
;; ANSWER SECTION:
energystar.gov. 14400 IN NS ns1.energystar.gov.
energystar.gov. 14400 IN NS ns2.energystar.gov.
energystar.gov. 14400 IN RRSIG NS 8 2 14400 20190113050003 20181204050003 9423 energystar.gov. kB3zF7HOZBskMLHZ4jDO0rLwIklEnkJQfxTJBKKRyw6QPWtK/QdzCgRr QIfkPl7osIoETk0HmAasJMfnOXQ2OIfT/NILhiltI2mYpjVdbjgpmvsR 2SOqzdpxMITDHl2dX7zrB6gN8Sa6jpaWz7z/y4VhP9shC+5rm3xEDsoe dOYq/0484Lu+gerxFEp9nF+0xROxpUGPJiJyPxzvimcDZ3Swyk/jZtVt ltkDKAfvCSpq9XgxMFwNtpegRrk6duz0z4ccePhv67xY/ZKXu0bF7CLs zKp2XFVjCk0iK9CePte+Z43qvDllmZAy6xZgqsni8bmqgDeATOxozNEX f4uQkw==
...
Clearly, we're past 2019.01.13 by now.
I'm however surprised their DNSSEC signature renewal doesn't
appear to have been fully automated.
Regards,
- Håvard
More information about the Unbound-users
mailing list