[dns-operations] .mm off the air for anyone who validates
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Jan 18 08:33:27 UTC 2013
On Fri, Jan 18, 2013 at 09:08:37AM +1100,
Mark Andrews <marka at isc.org> wrote
a message of 38 lines which said:
> .mm failed to re-sign their DNSKEY RRset.
Note that, because Unbound is tolerant by default ("10 % rule"),
Unbound users will see the problem only on Sunday:
# BIND
% dig @149.20.64.20 DNSKEY mm
; <<>> DiG 9.8.1-P1 <<>> @149.20.64.20 DNSKEY mm
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55082
...
# Unbound
% dig @149.20.64.21 DNSKEY mm
; <<>> DiG 9.8.1-P1 <<>> @149.20.64.21 DNSKEY mm
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49745
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;mm. IN DNSKEY
;; ANSWER SECTION:
mm. 3600 IN DNSKEY 257 3 8 AwEAAeppx7tDCcQCoAW9qJiUJAET1MEH+a/ToybbGj4DkCCdNWWupbcF jgwVd5AZYoCV2RZIXQEN1gV89ZON1wsGIXyG23bB9FazmF7jgqaIqY5q Hk8/YuYZ1Pe/NvGSDn1bprrtjQLhsfQyVCcgr8plvhh7gvvoHXak+lN3 jvUtuKAADYMnVTurVcxBUOCE2oVbCqdgE9TWK4NrcEOW+ClqmDzG20qm N3wOXh9/MWKxQZZPrqC7vPqJC8iNQcE7L6r4NhtV7OjjzftwyRtIzsvr zc0mOL10eXHdhFDYaCgri7q2GfuQNcrW6zHh9J85dk5YNwlvUciRIFSN JRJ4fYDJM/M=
...
More information about the dns-operations
mailing list