#DNSSEC
I have a zone example.com
that stopped working all in a sudden maybe 5 days ago. The authoritative nameserver only replied “SRVFAIL” and so did all other public resolvers (OK, I tried 8.8.8.8 and 1.1.1.1)
According to the zonefile’s timestamp and the zone’s serial, there were no changes after January 2017.
example.com. IN DS 30744 10 2 73…5D
was wrong, this works:
example.com IN DS 30744 10 2 73…5D
Spot the difference 😉
There is no $ORIGIN
. According to Michael W. Lucas ( I always buy IT literature at a pharmacy), it hast to be example.com.
with a trailing dot.
But why the hell it stopped working a few days ago?
Seems to be a bug in one of Opensuse’s bind-patches: https://bugzilla.suse.com/show_bug.cgi?id=1179169