[dns-operations] Problems resolving .gov using DLV

Michael Sinatra michael at rancid.berkeley.edu
Mon Mar 16 20:54:42 UTC 2009


Hi,

Is anyone else having problems resolving .gov using the ISC DLV?  Just
about an hour ago, my caching resolvers started choking on .gov
addresses with the following errors (the timestamp in PDT [offset -0700]
represents the earliest log entry in my resolvers.

I am currently trying to manually grab the trust anchor and add it to my
BIND config to see if that helps.  In the meantime I am wondering if
anyone else is seeing the problem.  (Note that I only have two trust
anchors: One for the DLV and one for .se.  I currently do not have any
manually added trust anchors for .gov or any subdomain thereof.)

16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x842f89000:
GT6F85BNJETCHV2RSE9H4U44V5QRHFON.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x8428cc000:
NHQ1OKBN4C6SVH684SOJTC25JFOHEB23.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x842f89000:
GT6F85BNJETCHV2RSE9H4U44V5QRHFON.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x8377e7000:
01BQVVC92HDUCS6JO571RA0M7AAB1TJ2.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x8377e6000:
FCHQ9FMNKR7B37322STB71CNCNRB6C02.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x8377e7000:
01BQVVC92HDUCS6JO571RA0M7AAB1TJ2.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info:   validating @0x8377e6000:
FCHQ9FMNKR7B37322STB71CNCNRB6C02.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.946 dnssec: info:   validating @0x842f93000: gov
SOA: no valid signature found
16-Mar-2009 12:43:40.946 dnssec: info:   validating @0x842f93000: gov
SOA: no valid signature found


michael


More information about the dns-operations mailing list