On 1/5/10 12:31 AM, Alexander Gall wrote:
[ I've already sent this to our colleagues at Swisscom, but this
should really go to the list ]
On Mon, 04 Jan 2010 20:16:14 +0100, Benjamin Schlageter<[email protected]>
said:
Hi
Anybody knows something about big DNS troubles with Bluewin ADSL/VDSL?
As I saw, my router canĀ¹t resolve any domains... Lucky I got some other dns
servers =)
The perils of DNSSEC<sigh>. It was entirely our fault. Due to an
error, lots of DNSSEC-related resource records (NSEC3 to be precise)
were missing in the ch zone file generated shortly after 7pm last
evening. Unfortunately, the error went undetected and the truncated
zone was published.
The DNS caches of Bluewin have DNSSEC validation enabled for the ch
TLD and probably started to produce SERVFAIL for most subdomains at
this point (depending on whether they were already in the cache or
not). The zone was fixed some time after 9pm.
Sincere appologies for any pain this has caused.
Painful to say the least but thanks a lot for the honest and transparent
report on what caused the issue.
Thomas
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
