This should be fixed now, please let us know if this is not accurate.
Pat
On 06/10/2012 08:54 AM, Vladimir Mosgalin wrote:
Hi [email protected]!
On 2012.06.07 at 18:01:30 +0000, [email protected] wrote next:
My apologies, should have checked with another DNS resolver.
I shall report this DNS fault to our site admin.
Thanks for your speedy reply.
I'm pretty sure it was the fault of either the SL hosting provider or someone
else close to it in the DNS chain, not your site admin. This time, it lasted
for a day or two, I think.
Exactly the same thing happened before, check out
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-users&T=0&P=2757
A few days ago, scientificlinux.org wasn't resolving for me either.
My bind checked Google DNS servers and all others and the situation was the same
everywhere:
validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53
validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53
validating @0x7f93b0c09f90: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53
validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53
validating @0x7f93ac1e1290: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53
validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:910:1::2#53
validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53
[..skipped..]
error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53
validating @0x7f93ac1e1290: MLV3I3JULF9HLTIIPF6CQHA1Q51TOGTU.fnal.gov NSEC3:
bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux21.fnal.gov/AAAA/IN': 8.8.4.4#53
validating @0x7f93b433e5f0: linux01.fnal.gov A: bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux01.fnal.gov/A/IN': 8.8.4.4#53
validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY)
validating @0x7f93b01284d0: 6JGTJCC74FMN7VR86T153U5TDA4MBUDT.fnal.gov NSEC3:
bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux01.fnal.gov/AAAA/IN': 8.8.8.8#53
validating @0x7f93b433e5f0: linux9.fnal.gov A: bad cache hit (fnal.gov/DNSKEY)
error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53
validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY)
validating @0x7f93b01284d0: TSR1OLABBBB6N3BA20AH8OLM0CPQE8LP.fnal.gov NSEC3:
bad cache hit (fnal.gov/DNSKEY)
[..and so on..]
I believe that the fact that it started to work when you changed DNS
resolver just means that they use an outdated DNS server which doesn't care
about DNSSEC :)
Not that I need DNSSEC to trust the way the SL website resolves; however,
it's somewhat sad that situations like this happen again.
--
Pat Riehecky
Scientific Linux Developer
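
Added example, not part of the original thread: a small triage script for the kind of named output quoted above. It groups the "no valid RRSIG" DNSKEY failures by zone and upstream server and attaches the "broken trust chain" names that depend on that zone. The function names, the sample log and the example.org / 192.0.2.1 line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines shaped like the named output quoted in the thread,
# plus one unrelated non-DNSSEC error (example.org, 192.0.2.1) as a negative case.
SAMPLE_LOG = """\
validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found (DS)
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53
error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53
error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53
error (broken trust chain) resolving 'linux01.fnal.gov/AAAA/IN': 8.8.8.8#53
error (connection refused) resolving 'example.org/A/IN': 192.0.2.1#53
"""

# Matches: error (<reason>) resolving '<name>/<type>/<class>': <server>#<port>
ERROR_RE = re.compile(
    r"error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<name>[^/']+)/(?P<rtype>[A-Z0-9]+)/(?P<rclass>[A-Z]+)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
)

def summarize(log_text):
    """Return {zone: {"servers": set, "dependents": set}} for DNSSEC failures."""
    zones = defaultdict(lambda: {"servers": set(), "dependents": set()})
    broken = []
    for m in ERROR_RE.finditer(log_text):
        name = m["name"].lower().rstrip(".")
        if m["reason"] == "no valid RRSIG" and m["rtype"] == "DNSKEY":
            zones[name]["servers"].add(m["server"])   # root cause: unverifiable key
        elif m["reason"] == "broken trust chain":
            broken.append(name)                        # consequence of a bad key
    for name in broken:
        # Attribute each dependent name to the longest failing zone above it.
        parents = [z for z in zones if name == z or name.endswith("." + z)]
        if parents:
            zones[max(parents, key=len)]["dependents"].add(name)
    return dict(zones)

def failing_everywhere(summary, zone, upstreams):
    """True when every listed upstream returned an unverifiable DNSKEY for the
    zone, which points at the zone's DNSSEC data rather than at one resolver."""
    return zone in summary and set(upstreams) <= summary[zone]["servers"]

if __name__ == "__main__":
    for zone, info in summarize(SAMPLE_LOG).items():
        print(zone, sorted(info["servers"]), sorted(info["dependents"]))
```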