Does anyone have DNSSEC problem with uscg.mil
Marc Lampo
marc.lampo.ietf at gmail.com
Thu Nov 14 18:18:30 UTC 2013
And the name server 199.211.218.6 does not seem lame either :
$ dig @199.211.218.6 mx uscg.mil. +dnssec
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @199.211.218.6 mx uscg.mil. +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
Observe : AA bit set, 10 answers.
Kind regards,
On Thu, Nov 14, 2013 at 7:00 PM, Khuu, Linh Contractor <Linh.Khuu at ssa.gov>wrote:
> Hi,
>
> Does anyone have any DNSSEC problem with uscg.mil.
>
> On our DNS servers, we have seen broken trust chain error and the
> validation failed.
>
> 14-Nov-2013 12:57:37.486 lame-servers: error (broken trust chain)
> resolving 'uscg.mil/A/IN': 199.211.218.6#53
> 14-Nov-2013 12:57:37.573 lame-servers: error (broken trust chain)
> resolving 'uscg.mil/A/IN': 199.211.218.6#53
> 14-Nov-2013 12:57:37.658 lame-servers: error (broken trust chain)
> resolving 'uscg.mil/MX/IN': 199.211.218.6#53
> 14-Nov-2013 12:57:37.743 lame-servers: error (broken trust chain)
> resolving 'uscg.mil/MX/IN': 199.211.218.6#53
>
> 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: in authvalidated
> 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: authvalidated: got broken trust chain
> 14-Nov-2013 12:58:12.878 dnssec: debug 3: validating @23cee638: uscg.milAAAA: resuming nsecvalidate
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: starting
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: attempting positive response validation
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: in fetch_callback_validator
> 14-Nov-2013 12:58:13.058 dnssec: debug 3: validating @23cee638: uscg.milA: fetch_callback_validator: got failure
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: starting
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: attempting positive response validation
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: in fetch_callback_validator
> 14-Nov-2013 12:58:13.233 dnssec: debug 3: validating @23cee638: uscg.milMX: fetch_callback_validator: got failure
>
> Thanks,
> Linh Khuu
> Network Security Specialist
> Northrop Grumman IS | Civil Systems Division (CSD)
> Office: 410-965-0746
> Pager: 443-847-7551
> Email: Linh.Khuu at ssa.gov
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131114/37b5d204/attachment.html>
More information about the bind-users
mailing list