[Dnssec-deployment] NIST.gov broken?
Scott Rose
scottr.nist at gmail.com
Mon Jul 25 11:44:14 EDT 2011
Yes, there are problems on our end and the operations guys are short handed this week. Not sure when it will be fixed.
Scott
On Jul 25, 2011, at 11:34 AM, Roland van Rijswijk wrote:
> Hi all,
>
> Is it just me or are the nist.gov broken vis-a-vis DNSSEC? My logs are swamped with:
>
> Jul 25 17:31:23 ns0 unbound: [2239:1] info: validation failure <time-a.nist.gov. A IN>: key for validation nist.gov. is marked as invalid because of a previous validation failure <time.nist.gov. A IN>: No DNSKEY record from 129.6.13.2 for key nist.gov. while building chain of trust
> Jul 25 17:31:31 ns0 unbound: [2239:0] info: validation failure <time.nist.gov. A IN>: No DNSKEY record from 132.163.4.9 for key nist.gov. while building chain of trust
> Jul 25 17:31:31 ns0 unbound: [2239:1] info: validation failure <time.nist.gov. A IN>: No DNSKEY record from 132.163.4.10 for key nist.gov. while building chain of trust
> Jul 25 17:31:31 ns0 unbound: [2239:1] info: validation failure <time-nw.nist.gov. A IN>: No DNSKEY record from 132.163.4.10 for key nist.gov. while building chain of trust
> Jul 25 17:31:35 ns0 unbound: [2239:1] info: validation failure <time-a.nist.gov. A IN>: key for validation nist.gov. is marked as invalid because of a previous validation failure <time-nw.nist.gov. A IN>: No DNSKEY record from 132.163.4.10 for key nist.gov. while building chain of trust
>
> Flushing cache entries for nist.gov or for gov. doesn't solve the problem... I briefly checked what DNSViz says, and it reports similar errors to what our resolvers are reporting.
>
> Cheers,
>
> Roland
>
> -- Roland M. van Rijswijk
> -- SURFnet Middleware Services
> -- t: +31-30-2305388
> -- e: roland.vanrijswijk at surfnet.nl
>
More information about the Dnssec-deployment
mailing list