These name servers have another interesting feature: the serial number
is different depending on whether you set the DO bit or or:
% dig +short +dnssec +bufsize=4096 @ns1.uscg.mil SOA uscg.mil
osc-bloxmaster.iap.uscg.mil. hostmaster.uscg.mil. 2012079853 10800 1080 604800
900
...
% dig +short
Hi,
Does anyone have any DNSSEC problem with uscg.mil.
On our DNS servers, we have seen broken trust chain error and the validation
failed.
14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain) resolving
'uscg.mil/A/IN': 199.211.218.6#53
14-Nov-2013 12:57:37.573 lame-servers
.
Kind regards,
On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.govwrote:
Hi,
Does anyone have any DNSSEC problem with uscg.mil.
On our DNS servers, we have seen broken trust chain error and the
validation failed.
14-Nov-2013 12:57:37.486 lame-servers: error (broken
aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
Observe : AA bit set, 10 answers.
Kind regards,
On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.govwrote:
Hi,
Does anyone have any DNSSEC problem with uscg.mil.
On our DNS servers, we have seen broken trust
: Thursday, November 14, 2013 1:16 PM
To: Khuu, Linh Contractor
Cc: Bind Users Mailing List
Subject: Re: Does anyone have DNSSEC problem with uscg.mil
Not at this moment :
$ dig @8.8.8.8http://8.8.8.8 mx uscg.milhttp://uscg.mil. +dnssec
; DiG 9.8.4-rpz2+rl005.12-P1 @8.8.8.8http://8.8.8.8 mx
:* Marc Lampo [mailto:marc.lampo.i...@gmail.com]
*Sent:* Thursday, November 14, 2013 1:16 PM
*To:* Khuu, Linh Contractor
*Cc:* Bind Users Mailing List
*Subject:* Re: Does anyone have DNSSEC problem with uscg.mil
Not at this moment :
$ dig @8.8.8.8 mx uscg.mil. +dnssec
; DiG 9.8.4-rpz2
20131113074105 53369 uscg.mil. F...
Observe : AD bit set.
Kind regards,
On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor linh.k...@ssa.gov
wrote:
Hi,
Does anyone have any DNSSEC problem with uscg.mil.
On our DNS servers, we have seen broken trust chain error and the
validation failed
On 11/14/13 1:29 PM, Kevin Oberman wrote:
Don't forget that Google will white-list domains with known (by them)
broken DNSSEC and reply even though validation is broken, so using
8.8.8.8 for checking on whether validation is broken is not the best idea.
Really? Google sets the ad flag for
20131118074336 20131113074105 53369 uscg.mil. F...
Observe : AD bit set.
Kind regards,
On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor
linh.k...@ssa.gov wrote:
Hi,
Does anyone have any DNSSEC problem with uscg.mil.
On our DNS servers, we have seen broken trust chain error
9 matches
Mail list logo