DNSSEC KSK Rollover test
Please take a moment to go to http://dnssec-failed.org. One of two things will happen: 1. You will not be able to reach the site. or 2. You will get a page on Comcast Network Management. If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you. If you will be on the ALAC meeting, please do this before the meeting so you can report your results. Alan
HI I cannot be on the call but this is why I get when using comcast as my ISP Hmm. We’re having trouble finding that site. We can’t connect to the server at www.dnssec-failed.org. If that address is correct, here are three other things you can try: Try again later. Check your network connection. If you are connected but behind a firewall, check that Firefox has permission to access the Web. _________________________________________________________________________ Judith Hellerstein, Founder & CEO Hellerstein & Associates 3001 Veazey Terrace NW, Washington DC 20008 Phone: (202) 362-5139 Skype ID: judithhellerstein Mobile/Whats app: +1202-333-6517 E-mail: Judith@jhellerstein.com Website: www.jhellerstein.com Linked In: www.linkedin.com/in/jhellerstein/ Opening Telecom & Technology Opportunities Worldwide On 3/27/2018 1:41 PM, Alan Greenberg wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Result 2 from Port of Spain, Trinidad BTW, another test site is https://dnssec.vs.uni-due.de/ which is IMO straightforward Also, posted a comment to the https://community.icann.org/x/dw28B page. Dev Anand On Tue, Mar 27, 2018 at 1:53 PM, Judith Hellerstein <judith@jhellerstein.com> wrote:
HI Alan,
My other test was using firefox When using Chrome I get this
This site can’t be reached
dnssec-failed.org’s server IP address could not be found.
Search Google for dnssec failed org
It gives me the option to show the saved version and when I do I get the comcast network management page
Judith
_________________________________________________________________________ Judith Hellerstein, Founder & CEO Hellerstein & Associates 3001 Veazey Terrace NW, Washington DC 20008 Phone: (202) 362-5139 Skype ID: judithhellerstein Mobile/Whats app: +1202-333-6517 E-mail: Judith@jhellerstein.com Website: www.jhellerstein.com Linked In: www.linkedin.com/in/jhellerstein/ Opening Telecom & Technology Opportunities Worldwide
On 3/27/2018 1:41 PM, Alan Greenberg wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Result 2 in Oak Brook, IL (Not dnssec enabled) On Tue, Mar 27, 2018, 12:47 PM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Hi Alan, I have just tried the link, and got the page on Comcast Network Management which makes sense because we are not DNNSSEC-enabled here in the Cook Islands. M On Tue, Mar 27, 2018 at 7:41 AM, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/di splay/atlarge/At-Large+Advisory+Committee+(ALAC)
From my cellphone in San Juan, I successfully arrived at Comcast’s page. Javier Rúa-Jovet +1-787-396-6511 twitter: @javrua skype: javier.rua1 https://www.linkedin.com/in/javrua
On Mar 27, 2018, at 1:41 PM, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Hi Alan,
From Nairobi , Kenya i managed to land on the Comcast page.
Best On Tue, Mar 27, 2018 at 9:19 PM, Javier Rua <javrua@gmail.com> wrote:
From my cellphone in San Juan, I successfully arrived at Comcast’s page.
Javier Rúa-Jovet
+1-787-396-6511 <+1%20787-396-6511> twitter: @javrua skype: javier.rua1 https://www.linkedin.com/in/javrua
On Mar 27, 2018, at 1:41 PM, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+ Advisory+Committee+(ALAC)
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+ Advisory+Committee+(ALAC)
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
Result 2 from Lima, Peru. Regards, Maritza Descarga Outlook para iOS<https://aka.ms/o0ukef> ________________________________ From: ALAC <alac-bounces@atlarge-lists.icann.org> on behalf of Barrack Otieno <otieno.barrack@gmail.com> Sent: Tuesday, March 27, 2018 2:47:28 PM To: Javier Rua Cc: ALAC; Alan Greenberg Subject: Re: [ALAC] DNSSEC KSK Rollover test Hi Alan,
From Nairobi , Kenya i managed to land on the Comcast page.
Best On Tue, Mar 27, 2018 at 9:19 PM, Javier Rua <javrua@gmail.com<mailto:javrua@gmail.com>> wrote:
From my cellphone in San Juan, I successfully arrived at Comcast’s page.
Javier Rúa-Jovet +1-787-396-6511<tel:+1%20787-396-6511> twitter: @javrua skype: javier.rua1 https://www.linkedin.com/in/javrua On Mar 27, 2018, at 1:41 PM, Alan Greenberg <alan.greenberg@mcgill.ca<mailto:alan.greenberg@mcgill.ca>> wrote: Please take a moment to go to http://dnssec-failed.org. One of two things will happen: 1. You will not be able to reach the site. or 2. You will get a page on Comcast Network Management. If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you. If you will be on the ALAC meeting, please do this before the meeting so you can report your results. Alan _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org<mailto:ALAC@atlarge-lists.icann.org> https://atlarge-lists.icann.org/mailman/listinfo/alac At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...) _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org<mailto:ALAC@atlarge-lists.icann.org> https://atlarge-lists.icann.org/mailman/listinfo/alac At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...) -- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
For those using massive public resolvers such as 8.8.8.8 the result was predicted :) вт, 27 марта 2018 г. в 20:47, Alan Greenberg <alan.greenberg@mcgill.ca>:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- -- {ak}
For the record, here are test results from Trivandrum, India, for the five service providers that I'm using: Asianet Broadband (Cable): No site loaded BSNL DSL: Comcast Network Management IDEA Mobile GPRS: Comcast Network Management Reliance Data Dongle: Comcast Network Management Airtel 4G Data Dongle: Comcast Network Management Interesting that the only provider with DNSSEC enabled is the local broadband (CableTV) provider, while none of the four national service providers have DNSSEC enabled. satish On Wed, Mar 28, 2018 at 3:03 AM, Andrei Kolesnikov <andrei@rol.ru> wrote:
For those using massive public resolvers such as 8.8.8.8 the result was predicted :)
вт, 27 марта 2018 г. в 20:47, Alan Greenberg <alan.greenberg@mcgill.ca>:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+ Advisory+Committee+(ALAC)
-- -- {ak}
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+ Advisory+Committee+(ALAC)
I get the Comast Network Management page as attached screenshot. Kaili ----- Original Message ----- From: "Alan Greenberg" <alan.greenberg@mcgill.ca> To: "ALAC" <alac@atlarge-lists.icann.org> Sent: Wednesday, March 28, 2018 1:41 AM Subject: [ALAC] DNSSEC KSK Rollover test
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
A better tool, probably because it is a lot more self explanatory, developed by Lutz Donnerhacke, from our EURALO ALS Förderverein Informationstechnik und Gesellschaft (FITUG) e.V, is available at: http://dnssec.donnerhacke.de/ Best, Olivier On 27/03/2018 19:41, Alan Greenberg wrote:
Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
Hi Olivier Yes this is a much better tool. Thanks to you and Lutz for sharing it Judith Sent from my iPhone Judith@jhellerstein.com Skype ID:Judithhellerstein
On Mar 29, 2018, at 3:58 PM, Olivier MJ Crépin-Leblond <ocl@gih.com> wrote:
A better tool, probably because it is a lot more self explanatory, developed by Lutz Donnerhacke, from our EURALO ALS Förderverein Informationstechnik und Gesellschaft (FITUG) e.V, is available at: http://dnssec.donnerhacke.de/
Best,
Olivier
On 27/03/2018 19:41, Alan Greenberg wrote: Please take a moment to go to http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Lutz put that together after we had a long talk about whether the concept of using dnssec-failed.org would serve to give people a level of comfort about the rollover. He posted it to our DNSSEC wiki page. I didn't mention it in my message for a good reason. He need to change the text displayed if your resolver is DNSSEC-enabled. He says: What will happen during the KSK Rollover for you? Probably nothing, your resolver is validating DNSSEC correctly. Your ISP seems to make a good job in DNSSEC. That misses the entire point of this issue. If your resolver is NOT validating DNSSEC, then that is the correct answer - you will be unaffected by the rollover. But if it is validating DNSSEC, then you will be ok ONLY IF THE SECOND TRUST ANCHOR IS INSTALLED. If it is not installed, you will be blacked out. This is the entire uncertainty we have been discussing - the number of users who will find out they are DNSSEC enabled but not using the then current key. What he should be saying here is that you reall need to contact your ISP (or whoever provides your DNS) and verify that they know about the rollover. So it is prettier, but it currently sends the wrong message. When it is fixed, it will be a fine tool to tell people about. Alan At 29/03/2018 06:58 PM, Olivier MJ Crépin-Leblond wrote:
A better tool, probably because it is a lot more self explanatory, developed by Lutz Donnerhacke, from our EURALO ALS Förderverein Informationstechnik und Gesellschaft (FITUG) e.V, is available at: <http://dnssec.donnerhacke.de/>http://dnssec.donnerhacke.de/
Best,
Olivier
On 27/03/2018 19:41, Alan Greenberg wrote:
Please take a moment to go to <http://dnssec-failed.org>http://dnssec-failed.org.
One of two things will happen:
1. You will not be able to reach the site.
or
2. You will get a page on Comcast Network Management.
If 2 is your result, the DNS resolver you are using is NOT DNSSEC-enabled and the KSK Rollover will be invisible to you.
If you will be on the ALAC meeting, please do this before the meeting so you can report your results.
Alan
_______________________________________________ ALAC mailing list <mailto:ALAC@atlarge-lists.icann.org>ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: <http://www.atlarge.icann.org>http://www.atlarge.icann.org ALAC Working Wiki: <https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-- Olivier MJ Crépin-Leblond, PhD <http://www.gih.com/ocl.html>http://www.gih.com/ocl.html
Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Microsoft-Exchange-Diagnostics:
1;YTOPR01MB0396;27:UCTzWL1+OccLlrP+pYAIPPg/gS5PRFRUDfjenM/K0MydWHc3QBeRj4NGk81CTCO+34U/uI5HIanjG8J+lDk9sjS8P62+41dS1o8noGhl4TVsM02hLYjXFB7AUcHFRoVf X-Microsoft-Antispam-Message-Info:
vkarBCxQyga7/s9BtTpxlJsaG64Q03hSWWz97kCKg7mwDc8kYcky0PX6Q6/PCq104eGskqMd/V18Fu3sGgqDBOG2OfeUTfP9LT2al3WuG8p6iRtQoe/QAUOIFZqG39xyCgRqaRCrU5TzkKz3WByjtwBHEwHIlE8jzP/fVIAC3M2I62ArFu2jA1FiaS+eObPu32ZeKj9UiGXFiQp3+dYA9ZvnQ2np9FoVaOWoY5OXsKbG34hhkaTMjevCKCFXQHHzRhibYjbSP9VJ07PBmaFIjrqDgBXCqu19cmguy3K5SVuXSUgAabS4rYJO4W3l70BfN5xrps8kuFJaGv+0J2QYh0yAXTMky2Vm/wYePFDer79YNh5JrWpYue1M+/v6PogGfZpDcG70EJcz0MHb1t/8I+7j32Zy1NopZFZ6z9kMc6k=
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
participants (12)
-
Alan Greenberg -
Andrei Kolesnikov -
Barrack Otieno -
Dev Anand Teelucksingh -
Javier Rua -
John Laprise -
Judith Hellerstein -
Kan Kaili -
Maritza Y. Aguero Minano -
Maureen Hilyard -
Olivier MJ Crépin-Leblond -
Satish Babu