[Pdns-users] DNSSEC-Problems on g.root-servers.net?
Christian Renner
christian.renner at iway.ch
Mon Sep 17 08:39:38 UTC 2018
Hi
Since about 20 hours we see many dnssec validation errors on all of our pdns recursors.
A few recent examples:
Sep 17 10:12:37 ac-rns2 pdns_recursor[24059]: Answer to onba.zkb.ch|A for 178.22.104.86:36796 validates as Bogus
Sep 17 10:12:25 ac-rns2 pdns_recursor[24059]: Answer to cdn.migros.ch|A for 185.104.84.182:34036 validates as Bogus
Sep 17 10:12:48 ac-rns1 pdns_recursor[111558]: Answer to smtp.phys.ethz.ch|A for 83.150.57.154:52291 validates as Bogus
Sep 17 10:12:37 ac-rns1 pdns_recursor[111558]: Answer to www.admin.ch|A for 212.25.2.169:59487 validates as Bogus
Anyone else with the same issues?
DNSViz always shows the same behaviour:
http://dnsviz.net/d/onba.zkb.ch/dnssec/
http://dnsviz.net/d/www.admin.ch/dnssec/
Errors (3)
• ./DNSKEY: No response was received from the server over UDP (tried 4 times). (2001:500:12::d0d, UDP_0_EDNS0_32768_512)
• NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the SNAME (admin.ch).
• NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the SNAME (admin.ch).
2001:500:12::d0d is g.root-servers.net
Regards
Christian
More information about the Pdns-users
mailing list