SCIENTIFIC-LINUX-USERS Archives

June 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Download servers ftp[x].scientificlinux.org unreachable
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Tue, 12 Jun 2012 14:55:54 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (70 lines) 
This should be fixed now, please let us know if this is not accurate.

Pat

On 06/10/2012 08:54 AM, Vladimir Mosgalin wrote:
> Hi [log in to unmask]
>
>   On 2012.06.07 at 18:01:30 +0000, [log in to unmask] wrote next:
>
>> My apologies, should have checked with another DNS resolver.
>>
>> I shall report this DNS fault to our site admin.
>>
>> Thanks for your speedy reply.
> I'm pretty sure it was fault of either SL hosting provider or someone
> else close to it in DNS chain, not your site admin. This time, it lasted
> for a day or two, I think.
>
> Exactly same thing happened before, check out
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-users&T=0&P=2757
>
>
> Few days ago, scientificlinux.org wasn't resolving for me either.
> My bind checked google DNS servers and all others and situation was the same everywhere:
>
> validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53
> validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53
> validating @0x7f93b0c09f90: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53
> validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53
> validating @0x7f93ac1e1290: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53
> validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:910:1::2#53
> validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS)
> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53
> [..skipped..]
>
> error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53
>    validating @0x7f93ac1e1290: MLV3I3JULF9HLTIIPF6CQHA1Q51TOGTU.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY)
> error (broken trust chain) resolving 'linux21.fnal.gov/AAAA/IN': 8.8.4.4#53
> validating @0x7f93b433e5f0: linux01.fnal.gov A: bad cache hit (fnal.gov/DNSKEY)
> error (broken trust chain) resolving 'linux01.fnal.gov/A/IN': 8.8.4.4#53
>    validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY)
>    validating @0x7f93b01284d0: 6JGTJCC74FMN7VR86T153U5TDA4MBUDT.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY)
> error (broken trust chain) resolving 'linux01.fnal.gov/AAAA/IN': 8.8.8.8#53
> validating @0x7f93b433e5f0: linux9.fnal.gov A: bad cache hit (fnal.gov/DNSKEY)
> error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53
>    validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY)
>    validating @0x7f93b01284d0: TSR1OLABBBB6N3BA20AH8OLM0CPQE8LP.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY)
> [..and so on..]
>
>
> I believe that the fact that it started to work when you changed DNS
> resolver just means that they use outdated DNS server which doesn't care
> about DNSSEC :)
>
> Not that I need DNSSEC to trust the way SL website resolves, however
> it's somewhat sad that situations like this happen again.
>
>


-- 
Pat Riehecky
Scientific Linux Developer

ATOM RSS1 RSS2