DNS: 18.104.22.168 won't resolve noaa.gov sites?
lyle at lcrcomputer.net
Fri Sep 2 12:52:04 UTC 2011
On 09/01/11 21:41, Jay Ashworth wrote:
> [ Cross-posted to NANOG and Outages; replies to outages or outages-discussion;
> I would set the header, but Zimbra sucks. :-) ]
> I've had my home box set to use 22.214.171.124 as its primary resolver, falling back
> to the BBN anycast.
> Sometime today, 126.96.36.199 appears to have stopped resolving www.noaa.gov and
> ;<<>> DiG 9.7.3-P3<<>> @188.8.131.52 www.noaa.gov
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34999
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;www.noaa.gov. IN A
> ;; Query time: 33 msec
> ;; SERVER: 184.108.40.206#53(220.127.116.11)
> ;; WHEN: Thu Sep 1 22:38:11 2011
> ;; MSG SIZE rcvd: 30
> though it resolves Yahoo and Google and Akamai.com and everything else
> I throw at it.
> Digging noaa.gov at 18.104.22.168 returns what I expect.
> Interesting, too, that Firefox 5.0 wouldn't DTRT, even though 22.214.171.124-3 were
> the backup nameservers in my resolv.conf.
> Road Runner Tampa Bay connection.
> Can anyone confirm or deny? Google DNS or NOAA people here, before I go ping
> NOAA staff on Twitter?
> -- jra
Wonder if this has anything to do with DNSSEC? These records were
re-signed on Sept 2 at 08:50 GMT. If the signature expired and they were
late in re-signing the records...
I just discovered a minor issue with dnssec tools and zonesigner in
there. Zonesigner defaults to a 30 day expiration and they recommend
running it once a month. What happens in months with 31 days?
LCR Computer Services, Inc.
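
Added example, not part of the original message and not DNSSEC-Tools code: a small simulation of the schedule question raised above, showing where signatures with a 30-day validity lapse when the zone is re-signed once per calendar month. Validating resolvers answer SERVFAIL for a zone during such a window. The run day (1st of the month, 00:00 UTC), the two-day margin and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def monthly_runs(year, day=1, hour=0):
    """Constructed schedule (assumption): one signing run per month on a fixed day."""
    return [datetime(year, m, day, hour, tzinfo=timezone.utc) for m in range(1, 13)]

def coverage_gaps(runs, validity):
    """Return (expired_at, resigned_at) windows in which no signature is valid.

    Each run is modelled as producing signatures valid from the run time
    until run + validity. A gap exists whenever the next run happens after
    the previous run's signatures have already expired.
    """
    gaps = []
    runs = sorted(runs)
    for prev, nxt in zip(runs, runs[1:]):
        expires = prev + validity
        if nxt > expires:
            gaps.append((expires, nxt))
    return gaps

def min_safe_validity(runs, margin=timedelta(days=2)):
    """Longest interval between runs plus a margin for a late or failed run."""
    runs = sorted(runs)
    longest = max(b - a for a, b in zip(runs, runs[1:]))
    return longest + margin

if __name__ == "__main__":
    runs = monthly_runs(2011)
    for expired, resigned in coverage_gaps(runs, timedelta(days=30)):
        print(f"no valid signatures: {expired:%Y-%m-%d %H:%M} -> "
              f"{resigned:%Y-%m-%d %H:%M} UTC")
    print("validity needed for this schedule:", min_safe_validity(runs))
```

With this model every 31-day month ends in a one-day window without valid signatures; re-signing more often than the validity period, or lengthening the validity, closes it.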