.se disappeared?

• Previous message (by thread): .se disappeared?
• Next message (by thread): .se disappeared?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mikael Abrahamsson wrote:

> All .se cctld-servers are now updated, so if you're still seeing
> problems, please reload your resolvers.

Even after a cache reload, the SOA record appears still bogus:

| se has SOA record catcher-in-the-rye.nic.se. registry-default.nic.se.
2009101211 1800 1800 2419200 7200 (BOGUS (security failure))

even though other records are unaffected:

| se has NS record a.ns.se. (secure)

BIND logs a failure but returns an answer without AD flag:

| named[2843]: validating @0xb50c0030: se SOA: no valid signature found

~$ dig +dnssec -t mx se

; <<>> DiG 9.7.0a3 <<>> +dnssec -t mx se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55359
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
[...]

Unbound returns SERVFAIL instead. I don't quite understand why BIND
doesn't so, too.


Hauke.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20091013/16c2e571/attachment.sig>

• Previous message (by thread): .se disappeared?
• Next message (by thread): .se disappeared?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]