Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-15 Thread Stephane Bortzmeyer
These name servers have another interesting feature: the serial number is different depending on whether you set the DO bit or or: % dig +short +dnssec +bufsize=4096 @ns1.uscg.mil SOA uscg.mil osc-bloxmaster.iap.uscg.mil. hostmaster.uscg.mil. 2012079853 10800 1080 604800 900 ... % dig +short

Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Khuu, Linh Contractor
Hi, Does anyone have any DNSSEC problem with uscg.mil. On our DNS servers, we have seen broken trust chain error and the validation failed. 14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain) resolving 'uscg.mil/A/IN': 199.211.218.6#53 14-Nov-2013 12:57:37.573 lame-servers

Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Marc Lampo
. Kind regards, On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.govwrote: Hi, Does anyone have any DNSSEC problem with uscg.mil. On our DNS servers, we have seen broken trust chain error and the validation failed. 14-Nov-2013 12:57:37.486 lame-servers: error (broken

Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Marc Lampo
aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1 Observe : AA bit set, 10 answers. Kind regards, On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.govwrote: Hi, Does anyone have any DNSSEC problem with uscg.mil. On our DNS servers, we have seen broken trust

RE: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Khuu, Linh Contractor
: Thursday, November 14, 2013 1:16 PM To: Khuu, Linh Contractor Cc: Bind Users Mailing List Subject: Re: Does anyone have DNSSEC problem with uscg.mil Not at this moment : $ dig @8.8.8.8http://8.8.8.8 mx uscg.milhttp://uscg.mil. +dnssec ; DiG 9.8.4-rpz2+rl005.12-P1 @8.8.8.8http://8.8.8.8 mx

Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Marc Lampo
:* Marc Lampo [mailto:marc.lampo.i...@gmail.com] *Sent:* Thursday, November 14, 2013 1:16 PM *To:* Khuu, Linh Contractor *Cc:* Bind Users Mailing List *Subject:* Re: Does anyone have DNSSEC problem with uscg.mil Not at this moment : $ dig @8.8.8.8 mx uscg.mil. +dnssec ; DiG 9.8.4-rpz2

Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Kevin Oberman
20131113074105 53369 uscg.mil. F... Observe : AD bit set. Kind regards, On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.gov wrote: Hi, Does anyone have any DNSSEC problem with uscg.mil. On our DNS servers, we have seen broken trust chain error and the validation failed

Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread David Newman
On 11/14/13 1:29 PM, Kevin Oberman wrote: Don't forget that Google will white-list domains with known (by them) broken DNSSEC and reply even though validation is broken, so using 8.8.8.8 for checking on whether validation is broken is not the best idea. Really? Google sets the ad flag for

Re: Does anyone have DNSSEC problem with uscg.mil

2013-11-14 Thread Marc Lampo
20131118074336 20131113074105 53369 uscg.mil. F... Observe : AD bit set. Kind regards, On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.gov wrote: Hi, Does anyone have any DNSSEC problem with uscg.mil. On our DNS servers, we have seen broken trust chain error