Hi all, In the hope that someone at NIH is subscribed to this list or someone who knows someone there, willing to nudge them; our resolvers have been reporting validation failures for subdomains under nih.gov since yesterday. The problem seems to be resolved now, but it may be worthwhile doing a post mortem. As an operator of a national academic network, SURFnet has lots of medical researchers on its network, and they notice if Pubmed does not work (and complain) ;-)
Some snippets from our Unbound log from yesterday morning: -- Aug 2 08:10:26 ns0 unbound: [7105:1] info: validation failure <www.wip.ncbi.nlm.nih.gov. A IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from 130.14.252.50 for key wip.ncbi.nlm.nih.gov. while building chain of trust Aug 2 08:10:42 ns0 unbound: [7105:1] info: validation failure <pubmedgov.wip.ncbi.nlm.nih.gov. A IN>: key for validation wip.ncbi.nlm.nih.gov. is marked as invalid because of a previous validation failure <www.wip.ncbi.nlm.nih.gov. A IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from 130.14.252.50 for key wip.ncbi.nlm.nih.gov. while building chain of trust Aug 2 08:10:42 ns0 unbound: [7105:1] info: validation failure <www.wip.ncbi.nlm.nih.gov. AAAA IN>: key for validation wip.ncbi.nlm.nih.gov. is marked as invalid because of a previous validation failure <www.wip.ncbi.nlm.nih.gov. A IN>: no keys have a DS with algorithm RSASHA1-NSEC3-SHA1 from 130.14.252.50 for key wip.ncbi.nlm.nih.gov. while building chain of trust -- Best regards, Roland -- -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet -- e: [email protected]
smime.p7s
Description: S/MIME Cryptographic Signature
