Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-29 Thread Ray Van Dolson
On Mon, Jul 29, 2013 at 10:25:21AM -0500, Brad Bendily wrote: > Hi Ray, > Did you ever get a resolution on this? > We have had intermittent trouble getting to: > www.nws.noaa.gov sites and the fix has been a full restart > of the named service. I wasn't really sure how or where to > start troubles

RE: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-29 Thread Brad Bendily
Van Dolson Sent: Wednesday, July 17, 2013 11:49 AM To: bind-users@lists.isc.org Subject: Troubleshooting DNSSEC issue w/ ic.fbi.gov Hello; Running BIND 9.8.2 in RHEL6 (at the latest vendor provided version -- bind-9.8.2-0.17.rc1) and trying to troubleshoot an issue resolving ic.fbi.gov that seems

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-19 Thread Stephane Bortzmeyer
On Wed, Jul 17, 2013 at 05:05:31PM -0700, Ray Van Dolson wrote a message of 36 lines which said: > Tried dns-ad...@fbi.gov but got a bounce. :( You want Sandra Bullock's, er, Sarah Ashburn's phone number? http://en.wikipedia.org/wiki/The_Heat_%28film%29

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-18 Thread Phil Mayers
On 18/07/13 14:35, Barry S. Finkel wrote: The SOA RNAME should work: fbi.gov. 600 IN SOA ns1.fbi.gov. dns-admin.fbi.gov. 2013071601 7200 3600 2592000 43200 In my years as a DNS administrator, about 50% of the time I tried to send e-mail to the SOA RNAME, that mail was returned

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-18 Thread Barry S. Finkel
The SOA RNAME should work: fbi.gov. 600 IN SOA ns1.fbi.gov. dns-admin.fbi.gov. 2013071601 7200 3600 2592000 43200 In my years as a DNS administrator, about 50% of the time I tried to send e-mail to the SOA RNAME, that mail was returned as undeliverable. I never have trusted tha

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-18 Thread Casey Deccio
On Wed, Jul 17, 2013 at 10:58 AM, Bill Owens wrote: > This is one of the weirder ones I've seen. . . there are TXT and MX records > for ic.fbi.gov, both correctly signed: > > ... > However, that NSEC3 record is not signed. FWIW, DNSViz checks the chain of trust for authenticated denial-of-existe

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Ray Van Dolson
On Wed, Jul 17, 2013 at 02:55:49PM -0700, Michael Sinatra wrote: > >> Try contacting dotgov.gov > >> > >> regist...@dotgov.gov or 877-734-4688 or 703-948-0723 > >> > >> They'll have phone numbers for the people they need to contact for fbi.gov > >> to > >> get things fixed. > > > > Which would

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Mark Andrews
In message <51e712e5.60...@rancid.berkeley.edu>, Michael Sinatra writes: > On 7/17/13 2:38 PM, Mark Andrews wrote: > > > > In message <1673423961.50595218.1374096753729.javamail.r...@k-state.edu>, "Lawrence K. Chen, P.Eng." writes: > >> > >> > >> - Original Message - > >>> On Wed,

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Michael Sinatra
On 7/17/13 2:38 PM, Mark Andrews wrote: > > In message <1673423961.50595218.1374096753729.javamail.r...@k-state.edu>, > "Lawrence K. Chen, P.Eng." writes: >> >> >> - Original Message - >>> On Wed, Jul 17, 2013 at 01:58:25PM -0400, Bill Owens wrote: On Wed, Jul 17, 2013 at 09:49:18

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Mark Andrews
In message <1673423961.50595218.1374096753729.javamail.r...@k-state.edu>, "Lawrence K. Chen, P.Eng." writes: > > > - Original Message - > > On Wed, Jul 17, 2013 at 01:58:25PM -0400, Bill Owens wrote: > > > On Wed, Jul 17, 2013 at 09:49:18AM -0700, Ray Van Dolson wrote: > > > > Hello; >

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Lawrence K. Chen, P.Eng.
- Original Message - > On Wed, Jul 17, 2013 at 01:58:25PM -0400, Bill Owens wrote: > > On Wed, Jul 17, 2013 at 09:49:18AM -0700, Ray Van Dolson wrote: > > > Hello; > > > > > > Running BIND 9.8.2 in RHEL6 (at the latest vendor provided > > > version -- > > > bind-9.8.2-0.17.rc1) and tryin

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Ray Van Dolson
On Wed, Jul 17, 2013 at 01:58:25PM -0400, Bill Owens wrote: > On Wed, Jul 17, 2013 at 09:49:18AM -0700, Ray Van Dolson wrote: > > Hello; > > > > Running BIND 9.8.2 in RHEL6 (at the latest vendor provided version -- > > bind-9.8.2-0.17.rc1) and trying to troubleshoot an issue resolving > > ic.fbi.g

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Bill Owens
On Wed, Jul 17, 2013 at 09:49:18AM -0700, Ray Van Dolson wrote: > Hello; > > Running BIND 9.8.2 in RHEL6 (at the latest vendor provided version -- > bind-9.8.2-0.17.rc1) and trying to troubleshoot an issue resolving > ic.fbi.gov that seems to be DNSSEC related. > > Am fairly certain of this becau

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Michael Sinatra
It appears to me that the NSEC3 record that is denying the existence of the DS record for ic.fbi.gov does not have a corresponding RRSIG. That's based on a fairly cursory glance. This seems to be the case for all of the NSEC3 records in fbi.gov. Something's messed up in fbi.gov. michael PS: Not

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Sten Carlsen
From here I see a fast response using the local server: ~ $ dig ic.fbi.gov ; <<>> DiG 9.7.6-P1 <<>> ic.fbi.gov ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: _/*NOERROR*/_, id: 2421 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTIO

Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Ray Van Dolson
Hello; Running BIND 9.8.2 in RHEL6 (at the latest vendor provided version -- bind-9.8.2-0.17.rc1) and trying to troubleshoot an issue resolving ic.fbi.gov that seems to be DNSSEC related. Am fairly certain of this because if I set dnssec-enable and dnssec-validation to no (have them at 'yes' norm