[dns-operations] help with a resolution

Warren Kumari warren at kumari.net
Wed Jan 8 01:44:43 UTC 2020


Your DNSSEC is broken - see https://dnsviz.net/d/pike-aviation.com/dnssec/

.com says that the domain is signed (with keyid 41388), but there is
no DNSKEY in the zone.
W

On Tue, Jan 7, 2020 at 8:33 PM William C <william at uubeta.com> wrote:
>
> Hi
>
> Can you help check why public nameservers (all 8.8.8.8, 1.1.1.1, 9.9.9.9
> etc) can't resolve this domain?
>
> $ dig pike-aviation.com @8.8.8.8
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pike-aviation.com @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15133
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;pike-aviation.com.             IN      A
>
> ;; Query time: 17 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed Jan 08 08:53:56 CST 2020
> ;; MSG SIZE  rcvd: 46
>
>
> But the domain's auth servers did respond it.
>
> $ dig pike-aviation.com @ns70.domaincontrol.com
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> pike-aviation.com @ns70.domaincontrol.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5923
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1472
> ;; QUESTION SECTION:
> ;pike-aviation.com.             IN      A
>
> ;; ANSWER SECTION:
> pike-aviation.com.      3600    IN      A       67.205.137.55
>
> ;; AUTHORITY SECTION:
> pike-aviation.com.      3600    IN      NS      ns70.domaincontrol.com.
> pike-aviation.com.      3600    IN      NS      ns69.domaincontrol.com.
>
> ;; Query time: 10 msec
> ;; SERVER: 173.201.72.45#53(173.201.72.45)
> ;; WHEN: Wed Jan 08 08:55:58 CST 2020
> ;; MSG SIZE  rcvd: 114
>
>
>
> Thank you.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf



More information about the dns-operations mailing list