Does anyone else also see trouble reaching .se domains at the moment?
Yes.
Ben White skrev:
Does anyone else also see trouble reaching .se domains at the moment?
Trailing dot misstake in dns as it looks like. People are working on it as we speak.
-- amar
a message of 4 lines which said:
Does anyone else also see trouble reaching .se domains at the moment?
It fails for me through an Unbound resolver but works with a BIND
one. Certainly a DNSSEC glitch but I did not find which one yet. Or if
the fault is on my side or not.
Does anyone else also see trouble reaching .se domains at the moment?
No, at least not all (from a French viewpoint). Which ones?
mh
it would appear that someone may have left out the trailing dot on ".se.". Dig is returning:
se. 172800 IN NS h.ns.se.se.
se. 172800 IN NS i.ns.se.se.
se. 172800 IN NS e.ns.se.se.
se. 172800 IN NS a.ns.se.se.
se. 172800 IN NS d.ns.se.se.
se. 172800 IN NS j.ns.se.se.
se. 172800 IN NS b.ns.se.se.
se. 172800 IN NS c.ns.se.se.
se. 172800 IN NS g.ns.se.se.
se. 172800 IN NS f.ns.se.se.
However, a dig at the root servers returns:
se. 172800 IN NS F.NS.se.
se. 172800 IN NS C.NS.se.
se. 172800 IN NS J.NS.se.
se. 172800 IN NS I.NS.se.
se. 172800 IN NS H.NS.se.
se. 172800 IN NS E.NS.se.
se. 172800 IN NS G.NS.se.
se. 172800 IN NS D.NS.se.
se. 172800 IN NS A.NS.se.
se. 172800 IN NS B.NS.se.
Ouch.
Nick
I don't think so:
; <<>> DiG 9.4.2-P2 <<>> @192.36.133.107 se ns +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18046
;; flags: qr aa; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;se. IN NS
;; ANSWER SECTION:
se. 172800 IN NS d.ns.se.se.
se. 172800 IN NS e.ns.se.se.
se. 172800 IN NS f.ns.se.se.
se. 172800 IN NS g.ns.se.se.
se. 172800 IN NS h.ns.se.se.
se. 172800 IN NS i.ns.se.se.
se. 172800 IN NS j.ns.se.se.
se. 172800 IN NS a.ns.se.se.
se. 172800 IN NS b.ns.se.se.
se. 172800 IN NS c.ns.se.se.
;; Query time: 46 msec
;; SERVER: 192.36.133.107#53(192.36.133.107)
;; WHEN: Mon Oct 12 21:44:09 2009
;; MSG SIZE rcvd: 186
All .se cctld-servers are now updated, so if you're still seeing problems, please reload your resolvers.
Mikael Abrahamsson wrote:
All .se cctld-servers are now updated, so if you're still seeing
problems, please reload your resolvers.
Even after a cache reload, the SOA record appears still bogus:
se has SOA record catcher-in-the-rye.nic.se. registry-default.nic.se.
2009101211 1800 1800 2419200 7200 (BOGUS (security failure))
even though other records are unaffected:
se has NS record a.ns.se. (secure)
BIND logs a failure but returns an answer without AD flag:
named[2843]: validating @0xb50c0030: se SOA: no valid signature found
~$ dig +dnssec -t mx se
; <<>> DiG 9.7.0a3 <<>> +dnssec -t mx se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55359
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
[...]
Unbound returns SERVFAIL instead. I don't quite understand why BIND
doesn't so, too.
Hauke.
a message of 53 lines which said:
Even after a cache reload, the SOA record appears still bogus:
Yes, even after a cold reboot, the data did not validate. But, this
time, the problem was purely DNSSEC and was noticed only by people
brave enough to validate. Too much haste in repairing probably.
Unbound returns SERVFAIL instead.
Fixed, now.
Hi,
.se statement:
http://www.iis.se/en/2009/10/13/felaktig-dns-information/
Kind regards,
ingo flaschberger