thanks - looks like they've got it resolved, or are at least in the process of doing so... On Wed, Aug 14, 2013 at 10:17 AM, Johannes B. Ullrich Ph.D. < jullrich@sans.edu> wrote:

it appears that the .gov zone rotated its ZSK, but didn't update the corresponding DS record with the root zone.

http://dnsviz.net/d/fbi.gov/dnssec/

On Aug 14, 2013, at 9:59 AM, Steven Fischer <sfischer1967@gmail.com> wrote:

...

looks like resources in the .gov domain are unavailable to customers of any provider doing DNSSec validation. VeriSign has indicated they have received calls from multiple sources on this, and are aware that there is an issue.

-- To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages

--

Register today for Network Security 2013, September 14-23, at Caesars Palace in Las Vegas. Choose from more than 45 hands-on infosec courses plus bonus sessions, vendor expo, and a thrilling NetWars challenge! http://www.sans.org/info/132737

Johannes B. Ullrich, Ph.D., GIAC GCIA & GWEB, SANS Technology Institute, (757) 726 7528, twitter: johullrich; http://isc.sans.edu

-- To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy