On Sun, Oct 28, 2012 at 07:41:29PM -0400, Paul Wouters wrote: > On Sun, 28 Oct 2012, Leen Besselink wrote: > > >On Sun, Oct 28, 2012 at 10:29:18PM +0100, Stephane Bortzmeyer wrote: > >>On Sun, Oct 28, 2012 at 10:13:30PM +0100, > >> Leen Besselink <[email protected]> wrote > >> a message of 20 lines which said: > >> > >>>Today for me the .nl top level domain stopped to be valid. > >> > >>.nl added a new ZSK, 20331, around 2000 UTC. Could it be related? > >> > > > >Maybe, the error was: > > > >verify rrset <sidn.nl. DS IN> > >DS rrset in DS response did not verify > >validator operate: query <www.sidn.nl. A IN> > >Could not establish a chain of trust to keys for <sidn.nl. DNSKEY IN> > > > >But I'm starting to think I should have logged some for .nl itself to be > >really useful. > > I've seen similar outages. I experienced one too yesterday where my own > nohats.ca (but really almost all queries) failed to resolve. I ran a > verbosity 2 while the process was still running and it showed a massive > amount of ipv6 connection attempts (despite not having been on an ipv6 > network in weeks) > > A similar even seem to have happened on the Sunday of ICANN45 in Toronto, > where some important high up record stopped validating, causing everything > below it to fail. >
I assume this is with a very recent version of ldns/Unbound ? Don't think I had any IPv6 issues, it seems to still want to query over IPv6 too if I've read the logs correctly. > Paul _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
