
<div dir="auto">rndc dumpdb </div><div dir="auto">rndc flushtree gov</div><div dir="auto"><br></div><div dir="auto">Did that help? Going back to the dumped cache, what do the relevant names have in there?</div><div dir="auto"><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 14, 2023 at 5:46 PM Alexandra Yang <<a href="mailto:drayales@gmail.com">drayales@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="ltr">Hi Mark, <div><br></div><div>We noticed the problem because client can't resolve <span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo;font-size:11px;color:rgb(0,0,0)"><a href="http://www.federalregister.gov" target="_blank" style="font-family:Menlo">www.federalregister.gov</a>, hosted by </span><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo;font-size:11px;color:rgb(0,0,0)"><a href="http://ns3.gpo.gov" target="_blank" style="font-family:Menlo">ns3.gpo.gov</a> and <a href="http://ns4.gpo.gov" target="_blank" style="font-family:Menlo">ns4.gpo.gov</a>. Our error is similar to the previous post, plus some errors with the <a href="http://gpo.gov" target="_blank" style="font-family:Menlo">gpo.gov</a> nameserver.</span><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo;font-size:11px;color:rgb(0,0,0)">I just wonder if it's the config problem with our </span>BIND 9.16.37 or problem with the <a href="http://gpo.gov" target="_blank">gpo.gov</a> nameserver ? </div><div><br></div><div>We have <span style="font-family:Menlo;font-size:11px;font-variant-ligatures:no-common-ligatures;background-color:rgb(0,0,0);color:rgb(255,255,255)">dnssec</span><span style="font-family:Menlo;font-size:11px;font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">-validation yes, not sure what to do if there is problem with our config. </span></div><div><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo;font-size:11px;color:rgb(0,0,0)"><br></span></div><div><br></div><div>


<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo">Mar 13 18:02:18 ipam-dns-bl-5 named[2881]: client @0xaf1cb158 10.10.99.155#55940 (<a href="http://ns3.gpo.gov" target="_blank" style="font-family:Menlo">ns3.gpo.gov</a>): query failed (broken trust chain) for <a href="http://ns3.gpo.gov/IN/A" target="_blank" style="font-family:Menlo">ns3.gpo.gov/IN/A</a> at /mnt/proj/package-7-3/nessy/bind-9.16/lib/ns/query.c:7449</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo"><br></span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo"></span></p><pre style="font-family:monospace">Mar 14 10:23:32 ipam-dns-in-1 named[3713]: broken trust chain resolving '

<a href="http://ns3.gpo.gov/A/IN" target="_blank" style="font-family:monospace">ns3.gpo.gov/A/IN</a>': 162.140.15.100#53</pre><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo"><br></span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo">


</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo">Mar 13 16:18:46 ipam-dns-bl-4 named[2928]: broken trust chain resolving '<a href="http://www.federalregister.gov/AAAA/IN" target="_blank" style="font-family:Menlo">www.federalregister.gov/AAAA/IN</a>': 162.140.15.100#53</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo"><br></span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo"><br></span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo">Thanks!</span></p><p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures;font-family:Menlo"><br></span></p></div>


</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 14, 2023 at 7:30 PM Mark Andrews <<a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">Why are you trying to query this address?  The IPv4 servers are 162.140.15.100<br>

and 162.140.254.200.<br>

<br>

> On 15 Mar 2023, at 07:53, Darren Ankney <<a href="mailto:darren.ankney@gmail.com" target="_blank">darren.ankney@gmail.com</a>> wrote:<br>

> <br>

> This is failing for me regularly:<br>

> <br>

> $ dig <a href="http://ns3.gpo.gov" rel="noreferrer" target="_blank">ns3.gpo.gov</a> +dnssec +norecurse @<a href="http://162.140.15.200" rel="noreferrer" target="_blank">162.140.15.200</a><br>

> ;; communications error to 162.140.15.200#53: timed out<br>

> ;; communications error to 162.140.15.200#53: timed out<br>

> ;; communications error to 162.140.15.200#53: timed out<br>

> <br>

> ; <<>> DiG 9.18.11 <<>> <a href="http://ns3.gpo.gov" rel="noreferrer" target="_blank">ns3.gpo.gov</a> +dnssec +norecurse @<a href="http://162.140.15.200" rel="noreferrer" target="_blank">162.140.15.200</a><br>

> ;; global options: +cmd<br>

> ;; no servers could be reached<br>

> <br>

> but all other combos of <a href="http://ns3.gpo.gov" rel="noreferrer" target="_blank">ns3.gpo.gov</a> or <a href="http://ns4.gpo.gov" rel="noreferrer" target="_blank">ns4.gpo.gov</a> and 162.140.15.100<br>

> and 162.140.15.200 work fine.<br>

> <br>

> On Tue, Mar 14, 2023 at 12:03 PM Tim Maestas <<a href="mailto:tmaestas95@gmail.com" target="_blank">tmaestas95@gmail.com</a>> wrote:<br>

>> <br>

>> I've been having problems resolving <a href="http://www.federalregister.gov" rel="noreferrer" target="_blank">www.federalregister.gov</a> which is served by <a href="http://ns3.gpo.gov" rel="noreferrer" target="_blank">ns3.gpo.gov</a> and <a href="http://ns4.gpo.gov" rel="noreferrer" target="_blank">ns4.gpo.gov</a>, using BIND 9.16.27.  Haven't been able to quite figure out why so I've stuck an NTA in for the time being.<br>

>> <br>

>> On Tue, Mar 14, 2023 at 8:52 AM Stephane Bortzmeyer <<a href="mailto:bortzmeyer@nic.fr" target="_blank">bortzmeyer@nic.fr</a>> wrote:<br>

>>> <br>

>>> On Tue, Mar 14, 2023 at 11:35:38AM -0400,<br>

>>> Alexandra Yang <<a href="mailto:drayales@gmail.com" target="_blank">drayales@gmail.com</a>> wrote<br>

>>> a message of 183 lines which said:<br>

>>> <br>

>>>> I wonder if any of your nameserver resolve it just fine, like 8.8.8.8<br>

>>>> works<br>

>>> <br>

>>> Among RIPE Atlas probes, most succeed:<br>

>>> <br>

>>> % blaeu-resolve --displayvalidation -r 100  --type A <a href="http://gpo.gov" rel="noreferrer" target="_blank">gpo.gov</a><br>

>>> [ (Authentic Data flag)  162.140.14.82] : 46 occurrences<br>

>>> [162.140.14.82] : 52 occurrences<br>

>>> [ERROR: SERVFAIL] : 2 occurrences<br>

>>> Test #50935448 done at 2023-03-14T15:46:50Z<br>

>>> <br>

>>> The two whose resolvers servfail may have stricter/paranoid resolvers.<br>

<br>

-- <br>

Mark Andrews, ISC<br>

<a href="https://www.google.com/maps/search/1+Seymour+St.,+Dundas+Valley,+NSW?entry=gmail&source=g">1 Seymour St., Dundas Valley, NSW</a> 2117, Australia<br>

PHONE: +61 2 9871 4742              INTERNET: <a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a><br>

<br>

-- <br>

Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>

<br>

ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>

<br>

<br>

bind-users mailing list<br>

<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>

<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>

</blockquote></div>

-- <br>

Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>

<br>

ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>

<br>

<br>

bind-users mailing list<br>

<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>

<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>

</blockquote></div></div>