[dns-operations] Missing DoE NSEC RRs for .xn--ogbpf8fl from sy.cctld.authdns.ripe.net[193.0.9.113]
Anand Buddhdev
anandb at ripe.net
Mon Jul 23 15:10:00 UTC 2018
Hi Viktor,
Thanks for bringing this to our attention. The sy.cctld.authdns.ripe.net
server is in fact an anycast cluster of 10 servers, of which 4 run NSD.
All 4 of these NSD servers are exhibiting this issue. Restarting NSD
fixes it, but we'd like to keep running it for just a bit longer, to
collect some diagnostics which will help the developers.
Regards,
Anand Buddhdev
RIPE NCC
On 23/07/2018 15:58, Viktor Dukhovni wrote:
>
> The response from sy.cctld.authdns.ripe.net[193.0.9.113] lacks
> the requisite NSEC records:
>
> http://dnsviz.net/d/foobar.xn--ogbpf8fl/W1XdaA/dnssec/
>
> @sy.cctld.authdns.ripe.net[193.0.9.113]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12153
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
> ;foobar.سورية. IN A
> سورية. SOA ns1.tld.sy. dns.tld.sy. 2018072326 1200 3600 2592000 3600
> سورية. RRSIG SOA 8 1 3600 20180806041820 20180723124315 36678 سورية.
>
More information about the dns-operations
mailing list