What is it?
The KSK is a public-private key pair that allows the DNSSEC protocol to secure your DNS information. The public part of the key is the starting point for DNSSEC queries similar to how the root servers are the starting point for DNS queries. The private part of the key is used by Verisign to sign the Zone Signing Keys in the DNSSEC-sign of the root zone.
What does that mean?
If you’re not using DNSSEC then you don’t have anything to worry about. DNSSEC is a additional security measure that can be taken to secure your DNS information and verify that your domain is actually yours. If you’re not sure that you’re using DNSSEC then you likely are not using it. You could ask whomever is responsible for your DNS to find out for sure.
If you are using DNSSEC then you will need to create a new key pair and retire your current key pair so that DNSSEC will keep functioning. This will be done automatically for you if you are supporting RFC5011 (https://tools.ietf.org/html/rfc5011). Otherwise, you will need to manually update the trust anchor at http://data.iana.org/root-anchors/ and you can find information about testing your configuration at https://www.icann.org/en/system/files/files/ksk-rollover-external-test-plan-22jul16-en.pdf
MxToolbox has all the DNS and DNSSEC tools you need to help you through this transition. We have everything from basic DNS lookups, to DNSKEY, NSEC and IPSECKEY lookups to comprehensive domain research tools, like Investigator. You can even validate your DNS Cert or HTTPS Certificate. All of these tools are easily accessible from
our Network Tools page (see image).
We have temporarily removed SpamCannibal from the list of the over 100 blacklists we check when you use our service. This means that it will temporarily not appear during searches.
For approximately the last week, SpamCannibal has failed to resolve in DNS and failed to respond to other queries. For the moment we are treating it like a temporary outage and simply suspending use of it while we wait for more information.
Typically, when a blacklist goes down permanently, they let everyone know by blacklisting the entire world. This has not happened. Instead, we simply stopped receiving status from queries and DNS now times out for the site. No public announcement has been made, so we are assuming that the outage is temporary until we get more information.
What’s the Status of my Monitors?
We maintain the last status of your IP address or domain associated with the monitor for each blacklist. If you were on SpamCannibal’s list before the outage, you are still considered to be blacklisted until we find our what has happened to their list. If you were not on the blacklist at the time of the outage, your status will not change.
What does this mean for email delivery?
Being on a blacklist means that if any company uses that blacklist for email delivery or rejection purposes, your email could be rejected. Anyone who was using a copy of the SpamCannibal blacklist at the time of the outage may still be using that copy for decision making purposes.
Can an IP or domain be delisted?
Not at this time. Since the site is inaccessible, there is no method for delisting available. If there is more information or the site remains down for an extended period of time, we may decide to flush all monitors that are currently listed as blacklisted by SpamCannibal.
We will continue to monitor SpamCannibal and return them to our pool of blacklists if the site should recover.