Hi [log in to unmask] On 2012.06.07 at 18:01:30 +0000, [log in to unmask] wrote next: > > My apologies, should have checked with another DNS resolver. > > I shall report this DNS fault to our site admin. > > Thanks for your speedy reply. I'm pretty sure it was fault of either SL hosting provider or someone else close to it in DNS chain, not your site admin. This time, it lasted for a day or two, I think. Exactly same thing happened before, check out http://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-users&T=0&P=2757 Few days ago, scientificlinux.org wasn't resolving for me either. My bind checked google DNS servers and all others and situation was the same everywhere: validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53 validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53 validating @0x7f93b0c09f90: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53 validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53 validating @0x7f93ac1e1290: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53 validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:910:1::2#53 validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53 [..skipped..] error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53 validating @0x7f93ac1e1290: MLV3I3JULF9HLTIIPF6CQHA1Q51TOGTU.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux21.fnal.gov/AAAA/IN': 8.8.4.4#53 validating @0x7f93b433e5f0: linux01.fnal.gov A: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux01.fnal.gov/A/IN': 8.8.4.4#53 validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY) validating @0x7f93b01284d0: 6JGTJCC74FMN7VR86T153U5TDA4MBUDT.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux01.fnal.gov/AAAA/IN': 8.8.8.8#53 validating @0x7f93b433e5f0: linux9.fnal.gov A: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53 validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY) validating @0x7f93b01284d0: TSR1OLABBBB6N3BA20AH8OLM0CPQE8LP.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY) [..and so on..] I believe that the fact that it started to work when you changed DNS resolver just means that they use outdated DNS server which doesn't care about DNSSEC :) Not that I need DNSSEC to trust the way SL website resolves, however it's somewhat sad that situations like this happen again. -- Vladimir