Re: [dns-operations] .ke - something wrong with DNSKEYs?

2024-03-13 Thread Ahmed Landi via dns-operations 
--- Begin Message ---
Dear Stephane,

Thank you for this - the offending ns (NS2KE.DNS.BUSINESS) has been isolated. 
Apologies for the delay

. 

Landi, Ahmed 


- Original Message -
From: "Stephane Bortzmeyer" 
To: "Ondřej Surý" 
Cc: dns-operations@lists.dns-oarc.net, "KeNIC Tech" , "KE 
NIC" 
Sent: Friday, 1 March, 2024 19:07:08
Subject: Re: .ke - something wrong with DNSKEYs?

On Fri, Mar 01, 2024 at 05:05:30PM +0100,
 Stephane Bortzmeyer  wrote 
 a message of 11 lines which said:

> On Fri, Mar 01, 2024 at 04:27:03PM +0100,
>  Ondřej Surý  wrote 
>  a message of 33 lines which said:
> 
> > does anyone else see this?
> > 
> > https://dnsviz.net/d/han.ke/ZeHwpA/dnssec/
> 
> Zonemaster sees similar
> .

Also, like Zonemaster and DNSviz, RIPE Atlas probes show that, indeed,
ns2ke.dns.business does not always send DNSKEYs:

% blaeu-resolve --requested 100 --nameserver NS2KE.DNS.BUSINESS --nsid 
--ednssize 4096 --type DNSKEY ke
Nameserver NS2KE.DNS.BUSINESS
[] : 91 occurrences 
[TIMEOUT] : 1 occurrences 
[256 3 8 aweaadwi0wdlxihuia0n2oqlif9+xjju qyjxhglrjqr6m47xepvvls9aft+7tvet 
wo1alo 257 3 8 aweaazlaskgfz2dilbzrqbepwtpkp62g 
rjghjqas+7iogcsagazob8jajtrgpwrf mbmdcp] : 2 occurrences 
Test #68174319 done at 2024-03-01T16:04:22Z

--- End Message ---
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] .ke - something wrong with DNSKEYs?

2024-03-01 Thread Stephane Bortzmeyer 
On Fri, Mar 01, 2024 at 04:27:03PM +0100,
 Ondřej Surý  wrote 
 a message of 33 lines which said:

> does anyone else see this?
> 
> https://dnsviz.net/d/han.ke/ZeHwpA/dnssec/

Zonemaster sees similar
.

___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] .ke - something wrong with DNSKEYs?

2024-03-01 Thread Stephane Bortzmeyer 
On Fri, Mar 01, 2024 at 05:05:30PM +0100,
 Stephane Bortzmeyer  wrote 
 a message of 11 lines which said:

> On Fri, Mar 01, 2024 at 04:27:03PM +0100,
>  Ondřej Surý  wrote 
>  a message of 33 lines which said:
> 
> > does anyone else see this?
> > 
> > https://dnsviz.net/d/han.ke/ZeHwpA/dnssec/
> 
> Zonemaster sees similar
> .

Also, like Zonemaster and DNSviz, RIPE Atlas probes show that, indeed,
ns2ke.dns.business does not always send DNSKEYs:

% blaeu-resolve --requested 100 --nameserver NS2KE.DNS.BUSINESS --nsid 
--ednssize 4096 --type DNSKEY ke
Nameserver NS2KE.DNS.BUSINESS
[] : 91 occurrences 
[TIMEOUT] : 1 occurrences 
[256 3 8 aweaadwi0wdlxihuia0n2oqlif9+xjju qyjxhglrjqr6m47xepvvls9aft+7tvet 
wo1alo 257 3 8 aweaazlaskgfz2dilbzrqbepwtpkp62g 
rjghjqas+7iogcsagazob8jajtrgpwrf mbmdcp] : 2 occurrences 
Test #68174319 done at 2024-03-01T16:04:22Z
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

[dns-operations] .ke - something wrong with DNSKEYs?

2024-03-01 Thread Ondřej Surý 
Hi,

does anyone else see this?

https://dnsviz.net/d/han.ke/ZeHwpA/dnssec/

dnssec debugger from Verisign also reports:

> - All Queries to mzizi.kenic.or.ke for ke/DNSKEY timed out or failed
> - x No DNSKEY records found
> - ! DS=28886/SHA-256 is published, but a corresponding DNSKEY is not

from time to time, but it's not 100% reliable, so I suspect a "load-balancer"
is in play.

And ns2ke.dns.business is not responding to any queries.

Ondřej
--
Ondřej Surý (He/Him)
ond...@sury.org


___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations