[Dnssec-deployment] NIST.gov broken?
Roland van Rijswijk
Roland.vanRijswijk at surfnet.nl
Mon Jul 25 11:34:32 EDT 2011
Hi all,
Is it just me or are the nist.gov broken vis-a-vis DNSSEC? My logs are swamped with:
Jul 25 17:31:23 ns0 unbound: [2239:1] info: validation failure <time-a.nist.gov. A IN>: key for validation nist.gov. is marked as invalid because of a previous validation failure <time.nist.gov. A IN>: No DNSKEY record from 129.6.13.2 for key nist.gov. while building chain of trust
Jul 25 17:31:31 ns0 unbound: [2239:0] info: validation failure <time.nist.gov. A IN>: No DNSKEY record from 132.163.4.9 for key nist.gov. while building chain of trust
Jul 25 17:31:31 ns0 unbound: [2239:1] info: validation failure <time.nist.gov. A IN>: No DNSKEY record from 132.163.4.10 for key nist.gov. while building chain of trust
Jul 25 17:31:31 ns0 unbound: [2239:1] info: validation failure <time-nw.nist.gov. A IN>: No DNSKEY record from 132.163.4.10 for key nist.gov. while building chain of trust
Jul 25 17:31:35 ns0 unbound: [2239:1] info: validation failure <time-a.nist.gov. A IN>: key for validation nist.gov. is marked as invalid because of a previous validation failure <time-nw.nist.gov. A IN>: No DNSKEY record from 132.163.4.10 for key nist.gov. while building chain of trust
Flushing cache entries for nist.gov or for gov. doesn't solve the problem... I briefly checked what DNSViz says, and it reports similar errors to what our resolvers are reporting.
Cheers,
Roland
-- Roland M. van Rijswijk
-- SURFnet Middleware Services
-- t: +31-30-2305388
-- e: roland.vanrijswijk at surfnet.nl
More information about the Dnssec-deployment
mailing list