On 26/06/12 01:06, Craig Whitmore wrote:
Did something go wrong today with .school.nz being signed? And its back to insecure now? And I've noticed ac.nz, gen.nz, maori.nz are not signed yet and this problem only occurred with .school.nz as far as I can tell..
Hi Craig, It's your clock accurate? Transition from obscured to un-obscured key happened yesterday for school.nz, ac.nz, gen.nz and maori.nz at the 2:00pm zonepush. The chain of trust hasn't been established yet for those zones, so validating shouldn't be possible (but shouldn't break either). All zones were treated equally and our monitoring will detect if the zone went unsigned (or if a record doesn't have a valid signature). For how long those errors went? Did it change around 2 and 3pm, once the clear DNSKEY was cached?
Jun 25 13:47:49 r1 named[2660]: validating @0x7f2220c555b0: school.nz DNSKEY: no valid signature found Jun 25 13:47:49 r1 named[2660]: validating @0x7f22207af970: school.nz SOA: no valid signature found Jun 25 13:47:49 r1 named[2660]: validating @0x7f2220997250: school.nz DNSKEY: no valid signature found Jun 25 13:47:49 r1 named[2660]: validating @0x7f22207af970: 3efu8lgrkhh5rbhpeeqojsqoblnvlrsf.school.nz NSEC3: no valid signature found Jun 25 13:47:49 r1 named[2660]: validating @0x7f2220d39ac0: school.nz DNSKEY: no valid signature found Jun 25 13:47:49 r1 named[2660]: validating @0x7f22207af970: eqboea4ak1cjiaoe9jcmqqadeei7u4rt.school.nz NSEC3: no valid signature found
Cheers,
Thanks Craig – Geek..
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535