I get a call, that a site in .FR doesn't work. Right:

dig fr ns
    fr.         172700  IN  NS  a.nic.fr.
    fr.         172700  IN  NS  g.ext.nic.fr.
    fr.         172700  IN  NS  e.ext.nic.fr.
    fr.         172700  IN  NS  d.nic.fr.
    fr.         172700  IN  NS  c.nic.fr.
    fr.         172700  IN  NS  f.ext.nic.fr.
    fr.         172700  IN  NS  d.ext.nic.fr.
dig d.nic.fr
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22465

Now, the operative bit here is SERVFAIL, which is returned by all name servers. So, let's see what happens if I tell my recursive resolver to disable checking (+cd flag)

dig +cd d.nic.fr
    d.nic.fr.       107661  IN  A

Oh. Bad. Something happened. But what? Their DNSKEY seems to have gone AWOL. Huh? Lots of badness. I'm trying to get in touch with them. Update: everything seems to be back to normal.

Flattr this
DNS and dnssec :: 12 Feb 2011 :: e-mail


blog comments powered by Disqus