Hi Since about 20 hours we see many dnssec validation errors on all of our pdns recursors. A few recent examples:
Sep 17 10:12:37 ac-rns2 pdns_recursor[24059]: Answer to onba.zkb.ch|A for 178.22.104.86:36796 validates as Bogus Sep 17 10:12:25 ac-rns2 pdns_recursor[24059]: Answer to cdn.migros.ch|A for 185.104.84.182:34036 validates as Bogus Sep 17 10:12:48 ac-rns1 pdns_recursor[111558]: Answer to smtp.phys.ethz.ch|A for 83.150.57.154:52291 validates as Bogus Sep 17 10:12:37 ac-rns1 pdns_recursor[111558]: Answer to www.admin.ch|A for 212.25.2.169:59487 validates as Bogus Anyone else with the same issues? DNSViz always shows the same behaviour: http://dnsviz.net/d/onba.zkb.ch/dnssec/ http://dnsviz.net/d/www.admin.ch/dnssec/ Errors (3) • ./DNSKEY: No response was received from the server over UDP (tried 4 times). (2001:500:12::d0d, UDP_0_EDNS0_32768_512) • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the SNAME (admin.ch). • NSEC3 proving non-existence of admin.ch/DS: No NSEC3 RR matches the SNAME (admin.ch). 2001:500:12::d0d is g.root-servers.net Regards Christian _______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
