[dns-operations] Missing DoE NSEC RRs for .xn--ogbpf8fl from sy.cctld.authdns.ripe.net[193.0.9.113]

Anand Buddhdev anandb at ripe.net
Tue Jul 24 13:53:51 UTC 2018


Hi Viktor,

The theory at the moment is that something is going wrong during IXFR
when the NSEC3PARAM record changes.

I have a bug report open with NLNetLabs, and they are investigating the
issue:

https://nlnetlabs.nl/bugs-script/show_bug.cgi?id=4133

We forced a full AXFR of the zone on all the NSD servers in the
sy.cctld.authdns.ripe.net cluster, and they are all returning the
correct NSEC3 records for DoE now.

Regards,
Anand Buddhdev
RIPE NCC

On 23/07/2018 17:10, Anand Buddhdev wrote:
> Hi Viktor,
> 
> Thanks for bringing this to our attention. The sy.cctld.authdns.ripe.net
> server is in fact an anycast cluster of 10 servers, of which 4 run NSD.
> All 4 of these NSD servers are exhibiting this issue. Restarting NSD
> fixes it, but we'd like to keep running it for just a bit longer, to
> collect some diagnostics which will help the developers.



More information about the dns-operations mailing list