3/17/2009

dns-operations@Mar 16, 2009

Date: Mon, 16 Mar 2009 13:54:42 -0700
From: Michael Sinatra
Subject: [dns-operations] Problems resolving .gov using DLV
To: dns-operations@mail.dns-oarc.net
Message-ID: <49BEBC92.9060108@rancid.berkeley.edu>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

Is anyone else having problems resolving .gov using the ISC DLV? Just
about an hour ago, my caching resolvers started choking on .gov
addresses with the following errors (the timestamp in PDT [offset -0700]
represents the earliest log entry in my resolvers.

I am currently trying to manually grab the trust anchor and add it to my
BIND config to see if that helps. In the meantime I am wondering if
anyone else is seeing the problem. (Note that I only have two trust
anchors: One for the DLV and one for .se. I currently do not have any
manually added trust anchors for .gov or any subdomain thereof.)

16-Mar-2009 12:43:40.920 dnssec: info: validating @0x842f89000:
GT6F85BNJETCHV2RSE9H4U44V5QRHFON.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info: validating @0x8428cc000:
NHQ1OKBN4C6SVH684SOJTC25JFOHEB23.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info: validating @0x842f89000:
GT6F85BNJETCHV2RSE9H4U44V5QRHFON.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info: validating @0x8377e7000:
01BQVVC92HDUCS6JO571RA0M7AAB1TJ2.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info: validating @0x8377e6000:
FCHQ9FMNKR7B37322STB71CNCNRB6C02.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info: validating @0x8377e7000:
01BQVVC92HDUCS6JO571RA0M7AAB1TJ2.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.920 dnssec: info: validating @0x8377e6000:
FCHQ9FMNKR7B37322STB71CNCNRB6C02.gov TYPE50: no valid signature found
16-Mar-2009 12:43:40.946 dnssec: info: validating @0x842f93000: gov
SOA: no valid signature found
16-Mar-2009 12:43:40.946 dnssec: info: validating @0x842f93000: gov
SOA: no valid signature found


michael


DNSSECを使った際にいくつかのトップレベルドメインで問題が起こる件について。
色々なソフトウェア・バージョン・エラーになるドメインの情報が集まってきています。
DNSはInternetの根幹を成すものなので、これの基盤整備は最重要項目。
DNSが壊れるとInternetで誰と通信しているのか判らなくなる・・・
MailにはDKIMが徐々に浸透中。DNSSECはどうか。
時刻:
ラベル:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)