Does anyone have DNSSEC problem with uscg.mil

Marc Lampo marc.lampo.ietf at gmail.com
Thu Nov 14 18:16:02 UTC 2013


Not at this moment:
$ dig @8.8.8.8 mx uscg.mil. +dnssec

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 mx uscg.mil. +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;uscg.mil.                      IN      MX

;; ANSWER SECTION:
uscg.mil.               8478    IN      MX      40 smtp-gateway-4.uscg.mil.
uscg.mil.               8478    IN      MX      40 smtp-gateway-4a.uscg.mil.
uscg.mil.               8478    IN      MX      10 smtp-gateway-2.uscg.mil.
uscg.mil.               8478    IN      MX      20 smtp-gateway-5a.uscg.mil.
uscg.mil.               8478    IN      MX      10 smtp-gateway-1.uscg.mil.
uscg.mil.               8478    IN      MX      20 smtp-gateway-5.uscg.mil.
uscg.mil.               8478    IN      MX      10 smtp-gateway-1a.uscg.mil.
uscg.mil.               8478    IN      MX      10 smtp-gateway-2a.uscg.mil.
uscg.mil.               8478    IN      RRSIG   MX 7 2 86400 20131118074336 20131113074105 53369 uscg.mil. F...

Observe: AD bit set.

Kind regards,



On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor <Linh.Khuu at ssa.gov> wrote:

> Hi,
>
> Does anyone have any DNSSEC problem with uscg.mil?
>
> On our DNS servers, we have seen a broken trust chain error and the
> validation failed.
>
> 14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain) resolving 'uscg.mil/A/IN': 199.211.218.6#53
> 14-Nov-2013 12:57:37.573 lame-servers: error (broken trust chain) resolving 'uscg.mil/A/IN': 199.211.218.6#53
> 14-Nov-2013 12:57:37.658 lame-servers: error (broken trust chain) resolving 'uscg.mil/MX/IN': 199.211.218.6#53
> 14-Nov-2013 12:57:37.743 lame-servers: error (broken trust chain) resolving 'uscg.mil/MX/IN': 199.211.218.6#53
>
> 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: in authvalidated
> 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: authvalidated: got broken trust chain
> 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: resuming nsecvalidate
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: starting
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: attempting positive response validation
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: in fetch_callback_validator
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: fetch_callback_validator: got failure
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: starting
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: attempting positive response validation
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: in fetch_callback_validator
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: fetch_callback_validator: got failure
>
> Thanks,
> Linh Khuu
> Network Security Specialist
> Northrop Grumman IS | Civil Systems Division (CSD)
> Office: 410-965-0746
> Pager: 443-847-7551
> Email: Linh.Khuu at ssa.gov
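The reply above checks by eye for NOERROR with the ad flag from a validating resolver. The sketch below automates that check and extends it with the usual follow-up for the failing case in the quoted message: repeat the query with +cd and compare. It is an added example, not part of the original thread; the function names and the SERVFAIL and +cd sample headers are constructed.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r";; flags:([^;]*);")

def parse_dig(text):
    """Return (rcode, set of header flags) from dig's text output."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found")
    return status.group(1), set(flags.group(1).split())

def triage(validating, checking_disabled=None):
    """Classify one question from two dig outputs sent to the same
    validating resolver: `dig +dnssec` and `dig +dnssec +cd`."""
    rcode, flags = parse_dig(validating)
    if rcode == "NOERROR":
        # ad = the resolver validated the whole answer
        return "secure" if "ad" in flags else "insecure-or-unvalidated"
    if rcode != "SERVFAIL":
        return "other:" + rcode
    if checking_disabled is None:
        return "servfail-retry-with-cd"
    cd_rcode, _ = parse_dig(checking_disabled)
    # Data is reachable once validation is skipped, so validation is
    # what failed (e.g. a broken trust chain); otherwise plain resolution failed.
    return "validation-failure" if cd_rcode == "NOERROR" else "resolution-failure"

# Header lines copied from the dig output in the reply above.
FROM_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
"""
# Constructed samples: what a resolver with a broken chain would return.
SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
WITH_CD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
"""

if __name__ == "__main__":
    print(triage(FROM_REPLY))         # the reply's observation
    print(triage(SERVFAIL, WITH_CD))  # the pattern behind the quoted logs
```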