 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Sun, 10 Jun 2012 17:54:49 +0400 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Hi [log in to unmask]
On 2012.06.07 at 18:01:30 +0000, [log in to unmask] wrote next:
>
> My apologies, should have checked with another DNS resolver.
>
> I shall report this DNS fault to our site admin.
>
> Thanks for your speedy reply.
I'm pretty sure it was fault of either SL hosting provider or someone
else close to it in DNS chain, not your site admin. This time, it lasted
for a day or two, I think.
Exactly same thing happened before, check out
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-users&T=0&P=2757
Few days ago, scientificlinux.org wasn't resolving for me either.
My bind checked google DNS servers and all others and situation was the same everywhere:
validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53
validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53
validating @0x7f93b0c09f90: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53
validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53
validating @0x7f93ac1e1290: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53
validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:910:1::2#53
validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53
[..skipped..]
error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53
validating @0x7f93ac1e1290: MLV3I3JULF9HLTIIPF6CQHA1Q51TOGTU.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux21.fnal.gov/AAAA/IN': 8.8.4.4#53
validating @0x7f93b433e5f0: linux01.fnal.gov A: bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux01.fnal.gov/A/IN': 8.8.4.4#53
validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY)
validating @0x7f93b01284d0: 6JGTJCC74FMN7VR86T153U5TDA4MBUDT.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux01.fnal.gov/AAAA/IN': 8.8.8.8#53
validating @0x7f93b433e5f0: linux9.fnal.gov A: bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53
validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY)
validating @0x7f93b01284d0: TSR1OLABBBB6N3BA20AH8OLM0CPQE8LP.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY)
[..and so on..]
I believe that the fact that it started to work when you changed DNS
resolver just means that they use outdated DNS server which doesn't care
about DNSSEC :)
Not that I need DNSSEC to trust the way SL website resolves, however
it's somewhat sad that situations like this happen again.
--
Vladimir
|
|
|
