Mysterious DNSSEC

#DNSSEC

I have a zone example.com that stop­ped working all in a sud­den may­be 5 days ago. The aut­ho­ri­ta­ti­ve name­ser­ver only repli­ed “SRVFAIL” and so did all other public resol­vers (OK, I tried 8.8.8.8 and 1.1.1.1)

Accor­ding to the zonefile’s timestamp and the zone’s seri­al, the­re were no chan­ges after Janu­ary 2017.

example.com. IN DS 30744 10 2 73…5D

was wrong, this works:

example.com IN DS 30744 10 2 73…5D

Spot the difference 😉
The­re is no $ORIGIN. Accor­ding to Micha­el W. Lucas ( I always buy IT lite­ra­tu­re at a phar­ma­cy), it hast to be example.com. with a trai­ling dot.
But why the hell it stop­ped working a few days ago?

1 Comment

Add a Comment
  1. Seems to be a bug in one of Opensuse’s bind-patches: https://bugzilla.suse.com/show_bug.cgi?id=1179169

Schreibe einen Kommentar zu Rainer Antworten abbrechen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert