 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 12 Jun 2012 14:58:57 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Knew I forgot something:
And thanks for the report!
On 06/12/2012 02:55 PM, Pat Riehecky wrote:
> This should be fixed now, please let us know if this is not accurate.
>
> Pat
>
> On 06/10/2012 08:54 AM, Vladimir Mosgalin wrote:
>> Hi [log in to unmask]
>>
>> On 2012.06.07 at 18:01:30 +0000, [log in to unmask] wrote next:
>>
>>> My apologies, should have checked with another DNS resolver.
>>>
>>> I shall report this DNS fault to our site admin.
>>>
>>> Thanks for your speedy reply.
>> I'm pretty sure it was fault of either SL hosting provider or someone
>> else close to it in DNS chain, not your site admin. This time, it lasted
>> for a day or two, I think.
>>
>> Exactly same thing happened before, check out
>> http://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-users&T=0&P=2757
>>
>>
>>
>> Few days ago, scientificlinux.org wasn't resolving for me either.
>> My bind checked google DNS servers and all others and situation was
>> the same everywhere:
>>
>> validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53
>> validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53
>> validating @0x7f93b0c09f90: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53
>> validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53
>> validating @0x7f93ac1e1290: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN':
>> 2001:400:6000::22#53
>> validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN':
>> 2001:400:910:1::2#53
>> validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found
>> (DS)
>> error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53
>> [..skipped..]
>>
>> error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53
>> validating @0x7f93ac1e1290:
>> MLV3I3JULF9HLTIIPF6CQHA1Q51TOGTU.fnal.gov NSEC3: bad cache hit
>> (fnal.gov/DNSKEY)
>> error (broken trust chain) resolving 'linux21.fnal.gov/AAAA/IN':
>> 8.8.4.4#53
>> validating @0x7f93b433e5f0: linux01.fnal.gov A: bad cache hit
>> (fnal.gov/DNSKEY)
>> error (broken trust chain) resolving 'linux01.fnal.gov/A/IN': 8.8.4.4#53
>> validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit
>> (fnal.gov/DNSKEY)
>> validating @0x7f93b01284d0:
>> 6JGTJCC74FMN7VR86T153U5TDA4MBUDT.fnal.gov NSEC3: bad cache hit
>> (fnal.gov/DNSKEY)
>> error (broken trust chain) resolving 'linux01.fnal.gov/AAAA/IN':
>> 8.8.8.8#53
>> validating @0x7f93b433e5f0: linux9.fnal.gov A: bad cache hit
>> (fnal.gov/DNSKEY)
>> error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53
>> validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit
>> (fnal.gov/DNSKEY)
>> validating @0x7f93b01284d0:
>> TSR1OLABBBB6N3BA20AH8OLM0CPQE8LP.fnal.gov NSEC3: bad cache hit
>> (fnal.gov/DNSKEY)
>> [..and so on..]
>>
>>
>> I believe that the fact that it started to work when you changed DNS
>> resolver just means that they use outdated DNS server which doesn't care
>> about DNSSEC :)
>>
>> Not that I need DNSSEC to trust the way SL website resolves, however
>> it's somewhat sad that situations like this happen again.
>>
>>
>
>
--
Pat Riehecky
Scientific Linux Developer
|
|
|
