DNSSEC validation broken trust July 22-23rd time.nist.gov
Julian Panke
ml at julianpanke.com
Thu Jul 24 05:19:11 UTC 2025
Hi,
DNSviz is showing the issue very clearly so it was not on your side https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/
regards
Julian Panke
-------- Ursprüngliche Nachricht --------
Am 24.07.25 00:18 schrieb J Doe <general at nativemethods.com>:
> Hi,
>
> I have a small mail server that is using: BIND 9.20.11 and performs
> recursion and DNSSEC validation.
>
> From yesterday (July 22nd), to today (July 23rd), I noticed the
> following in the server logs
>
> 22-Jul-2025 23:59:50.347 lame-servers: info: no valid RRSIG resolving
> 'glb.nist.gov/DNSKEY/IN': 132.163.4.64#53
> 22-Jul-2025 23:59:50.347 lame-servers: info: broken trust chain
> resolving 'ntp1.glb.nist.gov/A/IN': 129.6.13.8#53
> 22-Jul-2025 23:59:50.347 query-errors: info: client @0xe3af1ee9020
> 127.0.0.1#13211 (time.nist.gov): query failed (broken trust chain) for
> time.nist.gov/IN/A at query.c:7849
>
> The host in question (time.nist.gov), is used by this server for NTP.
> The problem appears to have resolved itself today (July 23rd), at around
> 10:00 AM EDT and happily NTP is able to complete with this particular host.
>
> Did anyone else notice something similar ?
>
> Thanks,
>
> - J
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list