Handling of expired RRSIG records - ise.gov

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed May 21 12:01:33 UTC 2014


On Wed, May 21, 2014 at 12:56:32PM +0100,
 Simon Waters <simon.waters at surevine.com> wrote 
 a message of 58 lines which said:

> BIND 9 logs report: RRSIG has expired for "www.ise.gov"

Indeed.

www.ise.gov.		43200 IN RRSIG CNAME 5 3 43200 (
				20140513120652 20140413120652
                                ^^^^^^^^
                                More than a week ago.

> Yet I can still resolve and visit the website http://ise.gov/

Probably because there is no DS record for ise.gov, which prevents the
validator to try.



More information about the bind-users mailing list