Fwd: DNSSEC issue, "Servers Unreachable"

Eduardo Bonsi beartcom at pacbell.net
Tue Nov 22 18:51:19 UTC 2011 

Sorry if I used the expression "bug down" as it not mean necessarily 
that this it is a bug in anyway but probably a configuration issue.

-------- Original Message --------
Subject: DNSSEC bug down issue, "Servers Unreachable"
Date: Mon, 21 Nov 2011 21:45:52 -0800
To: bind-users at lists.isc.org <bind-users at lists.isc.org>

I have checked my domain against

http://www.intodns.com/bonsi.org

and I am getting that everything is ok.

I have signed the domain bonsi.org with dnssec key and entered the key
at the https://dlv.isc.org for validation. In addition I also entered
the dlv.bonsi.org. at the parent.

On dlv.isc.org I am getting "Servers Unreachable"

Servers Unreachable
Severity: failure
Summary: One or more servers could not be reached.
When checking the status of a domain, one or more servers did not
respond or did not respond correctly. If this is the initial check, all
servers are requried to respond. For later checks, which simply ensure
the DNSKEY is still present, at least one server must respond. Check to
make certain the name servers for this zone respond over both TCP and UDP.

If the servers were to be Unreachable I think I wouldn't be able to
serve the domain "bonsi.org" and that is not the case.

What could be the problem?

I have dig and ping both servers and ping and dig returned ok.
Port 53 and 80 are open and working fine for both servers.

[user:~] root# ping ns1.bonsi.org
PING ns1.bonsi.org (63.200.45.18): 56 data bytes
64 bytes from 63.200.45.18: icmp_seq=0 ttl=62 time=3.158 ms
64 bytes from 63.200.45.18: icmp_seq=1 ttl=62 time=3.367 ms
64 bytes from 63.200.45.18: icmp_seq=2 ttl=62 time=3.643 ms
64 bytes from 63.200.45.18: icmp_seq=3 ttl=62 time=3.533 ms
64 bytes from 63.200.45.18: icmp_seq=4 ttl=62 time=3.374 ms
64 bytes from 63.200.45.18: icmp_seq=5 ttl=62 time=3.456 ms

[user:~] root# ping ns2.bonsi.org
PING ns2.bonsi.org (63.200.45.19): 56 data bytes
64 bytes from 63.200.45.19: icmp_seq=0 ttl=62 time=3.140 ms
64 bytes from 63.200.45.19: icmp_seq=1 ttl=62 time=3.681 ms
64 bytes from 63.200.45.19: icmp_seq=2 ttl=62 time=3.438 ms
64 bytes from 63.200.45.19: icmp_seq=3 ttl=62 time=3.543 ms
64 bytes from 63.200.45.19: icmp_seq=4 ttl=62 time=3.471 ms


[user:~] root# dig +tcp @63.200.45.18  ns1.bonsi.org

; <<>> DiG 9.6-ESV-R4-P3 <<>> +tcp @63.200.45.18 ns1.bonsi.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17971
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.bonsi.org.			IN	A

;; ANSWER SECTION:
ns1.bonsi.org.		3600	IN	A	63.200.45.18

;; AUTHORITY SECTION:
bonsi.org.		3600	IN	NS	ns1.bonsi.org.
bonsi.org.		3600	IN	NS	ns2.bonsi.org.

;; ADDITIONAL SECTION:
ns2.bonsi.org.		3600	IN	A	63.200.45.19

;; Query time: 8 msec
;; SERVER: 63.200.45.18#53(63.200.45.18)
;; WHEN: Tue Nov 22 10:42:51 2011
;; MSG SIZE  rcvd: 95

[user:~] root# dig +tcp @63.200.45.19  ns2.bonsi.org

; <<>> DiG 9.6-ESV-R4-P3 <<>> +tcp @63.200.45.19 ns2.bonsi.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20284
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns2.bonsi.org.			IN	A

;; ANSWER SECTION:
ns2.bonsi.org.		3600	IN	A	63.200.45.19

;; AUTHORITY SECTION:
bonsi.org.		3600	IN	NS	ns2.bonsi.org.
bonsi.org.		3600	IN	NS	ns1.bonsi.org.

;; ADDITIONAL SECTION:
ns1.bonsi.org.		3600	IN	A	63.200.45.18

;; Query time: 6 msec
;; SERVER: 63.200.45.19#53(63.200.45.19)
;; WHEN: Tue Nov 22 10:48:08 2011
;; MSG SIZE  rcvd: 95


Thanks!

-- 
BEARTCOMMUNICATIONS
Eduardo Bonsi
System - Network Admin
beartcom at pacbell.net
webmaster at beart.com
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


-- 
BEARTCOMMUNICATIONS
Eduardo Bonsi
System - Network Admin
beartcom at pacbell.net
webmaster at beart.com

More information about the bind-users mailing list