Re: [dns-operations] Signature expired for the DS of .ch at Cloudflare ?
On 04. 10. 23 10:38, Stephane Bortzmeyer wrote: On Wed, Oct 04, 2023 at 10:35:14AM +0200, Stephane Bortzmeyer wrote a message of 57 lines which said: Other instances of Cloudflare has the correct info: % dig +cd +nsid @1.1.1.1 DS ch. https://www.cloudflarestatus.com/ Investigating - Cloudflare is aware of, and investigating, DNS resolution issues which potentially impacts multiple users using 1.1.1.1 public resolver and/or WARP. Further detail will be provided as more information becomes available. Oct 04, 2023 - 08:19 UTC Details are now here: https://blog.cloudflare.com/1-1-1-1-lookup-failures-on-october-4th-2023/ -- Petr Špaček Internet Systems Consortium ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Signature expired for the DS of .ch at Cloudflare ?
Hi Stephane, We published a blog post with RCA and more details here https://blog.cloudflare.com/1-1-1-1-lookup-failures-on-october-4th-2023/ The issue was the local resolver root zone copy was stale and not removed from production in some places. I'm sorry for any issues encountered. Marek On Wed, 4 Oct 2023 at 01:53, Stephane Bortzmeyer wrote: > > On Wed, Oct 04, 2023 at 10:35:14AM +0200, > Stephane Bortzmeyer wrote > a message of 57 lines which said: > > > Other instances of Cloudflare has the correct info: > > > > % dig +cd +nsid @1.1.1.1 DS ch. > > https://www.cloudflarestatus.com/ > > Investigating - Cloudflare is aware of, and investigating, DNS resolution > issues which potentially impacts multiple users using 1.1.1.1 public resolver > and/or WARP. > > Further detail will be provided as more information becomes available. > Oct 04, 2023 - 08:19 UTC > > ___ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Signature expired for the DS of .ch at Cloudflare ?
On Wed, Oct 04, 2023 at 10:35:14AM +0200, Stephane Bortzmeyer wrote a message of 57 lines which said: > Other instances of Cloudflare has the correct info: > > % dig +cd +nsid @1.1.1.1 DS ch. https://www.cloudflarestatus.com/ Investigating - Cloudflare is aware of, and investigating, DNS resolution issues which potentially impacts multiple users using 1.1.1.1 public resolver and/or WARP. Further detail will be provided as more information becomes available. Oct 04, 2023 - 08:19 UTC ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] Signature expired for the DS of .ch at Cloudflare ?
Other instances of Cloudflare has the correct info: % dig +cd +nsid @1.1.1.1 DS ch. ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> +cd +nsid @1.1.1.1 DS ch. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20816 ;; flags: qr aa rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1232 ; NSID: 35 33 38 6d 31 37 38 ("538m178") ;; QUESTION SECTION: ;ch.IN DS ;; ANSWER SECTION: ch. 86400 IN DS 10 13 2 ( 0E175543A74D9083EA977BAB2BEE98A771995F80982F B796B2B0B9CC6413D1A6 ) ch. 86400 IN RRSIG DS 8 1 86400 ( 2023100405 2023092104 11019 . U0PZSe2x3/R7P1+TKdnX9DSFxRtfvJIEdnI3q4MhSVuq jX8HiqpU613EAyLF3s9IINPg+ctOSKWOzULMpZK+sbX9 NBzzRevhbHFziGNgqupscrxFKX7PGvRXKjmwfcfi7X4n nvOlpsW0glNixT4M4vjdzO2bYDmgwzfwoosDy3r2W5e8 VKBn4lj75nqI/fgtLJQyi2pDHokZ5qRnzQ4/lsajwRsP CnOgGnmtTyq3HRnI9cng5Lqv6yDHYacIk2Fpte6ehirN oLwGaSwtWk7Tf1k/GpNKB3kpYb/e8VYVQ7c1ydwk7on7 tVn6hUaNlHpVbj8eFHXQYmRfvAl8+VAMBw== ) ;; Query time: 8 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP) ;; WHEN: Wed Oct 04 10:34:06 CEST 2023 ;; MSG SIZE rcvd: 377 % dig +nsid @1.1.1.1 DS ch. ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> +nsid @1.1.1.1 DS ch. ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52317 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1232 ; EDE: 7 (Signature Expired): (failed to verify ch. DS: RRSIG ch., expiration = 1696395600) ; NSID: 35 33 32 6d 33 33 ("532m33") ;; QUESTION SECTION: ;ch.IN DS ;; Query time: 8 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP) ;; WHEN: Wed Oct 04 10:34:50 CEST 2023 ;; MSG SIZE rcvd: 106 ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations