I'd seen the rollover problem too, but not the problems Stéphane mentioned, thanks for reaching out to NIH, hope they pick up on it.
Morizot Timothy S wrote: > I don't have an NIH contact, but it looks like the initial issue was caused > when the KSK changed and the DS record in the parent wasn't updated. From > about 24 hours ago from the present time: > > http://dnsviz.net/d/wip.ncbi.nlm.nih.gov/V6CFjw/dnssec/ > > That issue is now fixed, but the other lingering issues Stephane notes > remain. > > http://dnsviz.net/d/wip.ncbi.nlm.nih.gov/dnssec/ > > I've shared the information with others who might have an NIH contact. > Maybe. > > Scott > >> -----Original Message----- >> From: dnssec-deployment-boun...@dnssec-deployment.org >> [mailto:dnssec-deployment-boun...@dnssec-deployment.org] On Behalf >> Of Roland van Rijswijk - Deij >> Sent: Wednesday, August 03, 2016 4:59 AM >> To: Stephane Bortzmeyer >> Cc: DNSSEC deployment >> Subject: Re: [Dnssec-deployment] Intermittent failures for subdomains >> under nih.gov yesterday >> >> Hi Stéphane, >> >> Stephane Bortzmeyer wrote: >>> On Wed, Aug 03, 2016 at 08:37:55AM +0200, >>> Roland van Rijswijk - Deij <roland.vanrijsw...@surfnet.nl> wrote >>> a message of 121 lines which said: >>> >>>> The problem seems to be resolved now, >>> It does not seem so. The DNSKEY RRset of wip.ncbi.nlm.nih.gov is very >>> large (1800 bytes) and the name server truncates it incorrectly in the >>> middle of a record: >>> >>> % dig +bufsize=1500 @130.14.252.53 DNSKEY wip.ncbi.nlm.nih.gov >>> ;; Warning: Message parser reports malformed message packet. >>> ;; Truncated, retrying in TCP mode. >>> >>> They also have MTU problems with IPv6. >> Ouch. Thanks for pointing that out, seems I was too optimistic. So I >> guess that makes it even more important that folks at NIH pick up on this. >> >> Cheers, >> >> Roland >> >> -- >> -- Roland M. van Rijswijk - Deij >> -- SURFnet bv >> -- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet >> -- e: roland.vanrijsw...@surfnet.nl > -- -- Roland M. van Rijswijk - Deij -- SURFnet bv -- w: http://www.surf.nl/en/about-surf/subsidiaries/surfnet -- e: roland.vanrijsw...@surfnet.nl
smime.p7s
Description: S/MIME Cryptographic Signature
