A problem with many ccTLD in Africa
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Nov 8 20:31:12 UTC 2024
Several ccTLD in Africa have a secondary at Afrinic, an anycasted
server. One of the instances of this server no longer refreshes the
content of the zone files, for at least a week.
You can see that, for instance, in .mz, testing with RIPE Atlas
probes, we see one instance still at serial 2024102915:
% blaeu-resolve --requested 100 --nsid --nameserver ns-mz.afrinic.net --type SOA mz
Nameserver ns-mz.afrinic.net
[NSID: s01-ns2.pkl; anyns.uem.mz. hostmaster.nic.mz. 2024110820 480 300 259200 21600] : 20 occurrences
[NSID: s03-ns2.iso; anyns.uem.mz. hostmaster.nic.mz. 2024110820 480 300 259200 21600] : 31 occurrences
[NSID: s01-ns2.pkl; anyns.uem.mz. hostmaster.nic.mz. 2024102915 480 300 259200 21600] : 20 occurrences
[NSID: 481m3; anyns.uem.mz. hostmaster.nic.mz. 2024110820 480 300 259200 21600] : 1 occurrences
[NSID: s04-ns2.jnb; anyns.uem.mz. hostmaster.nic.mz. 2024110820 480 300 259200 21600] : 2 occurrences
Test #81695464 done at 2024-11-08T20:25:46Z
[Warning, there are two instances with the same NSID, s01-ns2.pkl,
only one is broken.]
It is specially annoying for DNSSEC, of course, since this instance
now serves expired signatures for some TLDs. I had reports that
resolution break for some people (when receving these expired
signatures, the resolver should try another authoritative name server
but, apparently, not all of them do).
This has been reported to Afrinic (ticket [DNS #924626]) and to the
contacts of these TLD.
More information about the dns-operations
mailing list