nanog mailing list archives

Re: .se disappeared?

From: Hauke Lampe <list+nanog () hauke-lampe de>
Date: Tue, 13 Oct 2009 00:23:46 +0200

Mikael Abrahamsson wrote:

All .se cctld-servers are now updated, so if you're still seeing
problems, please reload your resolvers.


Even after a cache reload, the SOA record appears still bogus:

| se has SOA record catcher-in-the-rye.nic.se. registry-default.nic.se.
2009101211 1800 1800 2419200 7200 (BOGUS (security failure))

even though other records are unaffected:

| se has NS record a.ns.se. (secure)

BIND logs a failure but returns an answer without AD flag:

| named[2843]: validating @0xb50c0030: se SOA: no valid signature found

~$ dig +dnssec -t mx se

; <<>> DiG 9.7.0a3 <<>> +dnssec -t mx se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55359
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
[...]

Unbound returns SERVFAIL instead. I don't quite understand why BIND
doesn't so, too.


Hauke.

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

.se disappeared? Ben White (Oct 12)
- Re: .se disappeared? Michael DeMan (OA) (Oct 12)
- Re: .se disappeared? Stephane Bortzmeyer (Oct 12)
  - Re: .se disappeared? James Raftery (Oct 12)
    - Re: .se disappeared? Mikael Abrahamsson (Oct 12)
    - Re: .se disappeared? Hauke Lampe (Oct 12)
    - Re: .se disappeared? Stephane Bortzmeyer (Oct 12)
    - Re: .se disappeared? Ingo Flaschberger (Oct 13)
    - Re: .se disappeared? Nick Hilliard (Oct 13)
- Re: .se disappeared? Amar (Oct 12)
- Re: .se disappeared? Michael Hallgren (Oct 12)
- Re: .se disappeared? Nick Hilliard (Oct 12)