[dns-operations] Someone from Cloudflare here?

Mark Andrews marka at isc.org
Tue Oct 27 01:35:13 UTC 2020


You could try emailing avpkherh1exu at contactprivacy.email (from whois) and/or dns at cloudflare.com (SOA record).

> On 27 Oct 2020, at 12:01, John Franklin <franklin at sentaidigital.com> wrote:
> 
> We've been having a problem since late last week (10/24) with a domain hosted at CF. Somehow, the RRSIG covering the DNSKEY record has expired. The DNSKEY record is available at the authoritative NS (sima), but ask anyone else and we get back SERVFAIL. I'm not claiming either answer is wrong, just that the entire domain is inaccessible until a new RRSIG is generated for the DNSKEY.
> 
> What's the mechanism for re-signing a DNSKEY key record?
> 
> $ dig +dnssec @sima.ns.cloudflare.com agrilinks.org DNSKEY
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1232
> ;; QUESTION SECTION:
> ;agrilinks.org.			IN	DNSKEY
> 
> ;; ANSWER SECTION:
> agrilinks.org.		3600	IN	DNSKEY	257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+ KkxLbxILfDLUT0rAK9iUzy1L53eKGQ==
> agrilinks.org.		3600	IN	DNSKEY	256 3 13 oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8 KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA==
> agrilinks.org.		3600	IN	RRSIG	DNSKEY 13 2 3600 20201024231704 20200825231704 2371 agrilinks.org. e1Gd3UjvzbN2HWnNrRgzHoeoGEg6+swFF3JKwoF1cTJrda/O2O9J8KbP SBJuWa6T7XjFXs+bXGipIJROwxr3Sw==
> 
> 
> $ dig +dnssec @1.1.1.1 agrilinks.org DNSKEY
> 
> ; <<>> DiG 9.10.6 <<>> +dnssec @1.1.1.1 agrilinks.org DNSKEY
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55917
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 1232
> ; OPT=15: 00 06 ("..")
> ;; QUESTION SECTION:
> ;agrilinks.org.			IN	DNSKEY
> 
> Thanks,
> jf
> -- 
> John Franklin
> franklin at sentaidigital.com
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
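
Added example, not part of the original messages: a Python check that parses RRSIG lines from `dig +dnssec` output and reports whether each signature is inside its validity window, which is the condition validating resolvers enforce before answering SERVFAIL. The function names and the 7-day warning threshold are assumptions; the sample record is the RRSIG quoted in the thread, evaluated at the timestamp of the reply.

```python
from datetime import datetime, timedelta, timezone

# RRSIG line taken from the dig output quoted in the thread.
SAMPLE = (
    "> agrilinks.org.\t\t3600\tIN\tRRSIG\tDNSKEY 13 2 3600 20201024231704 "
    "20200825231704 2371 agrilinks.org. "
    "e1Gd3UjvzbN2HWnNrRgzHoeoGEg6+swFF3JKwoF1cTJrda/O2O9J8KbP "
    "SBJuWa6T7XjFXs+bXGipIJROwxr3Sw=="
)

def _ts(field):
    # dig prints RRSIG times as YYYYMMDDHHmmSS, always UTC (RFC 4034, 3.2).
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsigs(dig_text):
    """Yield one dict per RRSIG line; tolerates '> ' mail quoting."""
    for line in dig_text.splitlines():
        f = line.lstrip("> \t").split()
        if len(f) < 13 or f[3] != "RRSIG":
            continue  # comments, blank lines, other record types
        # Fields: owner ttl class RRSIG covered alg labels origttl
        #         expiration inception keytag signer signature...
        yield {"owner": f[0], "covered": f[4], "key_tag": int(f[10]),
               "expiration": _ts(f[8]), "inception": _ts(f[9])}

def status(sig, now, warn=timedelta(days=7)):
    """Classify a signature against its validity window at time `now`."""
    if now < sig["inception"]:
        return "NOT_YET_VALID"
    if now > sig["expiration"]:
        return "EXPIRED"
    if sig["expiration"] - now < warn:  # warn threshold is an assumption
        return "EXPIRING_SOON"
    return "OK"

def audit(dig_text, now, warn=timedelta(days=7)):
    """Return (owner, covered type, key tag, status, time left) per RRSIG."""
    return [(s["owner"], s["covered"], s["key_tag"], status(s, now, warn),
             s["expiration"] - now) for s in parse_rrsigs(dig_text)]

if __name__ == "__main__":
    # Timestamp of the reply in the thread (UTC).
    now = datetime(2020, 10, 27, 1, 35, 13, tzinfo=timezone.utc)
    for owner, covered, tag, st, left in audit(SAMPLE, now):
        print(f"{owner} RRSIG({covered}) keytag={tag}: {st} ({left})")
```

Run against the authoritative servers on a schedule, a check like this flags a signature approaching expiry before resolvers start rejecting the zone.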




