SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #6192142
Ticket Status: Resolved

PoP: czprg01 - Ignum, s.r.o. (Prague)

Broken DLV delegation
[cz] Shadow Hawkins on Monday, 02 January 2012 13:54:04
The DLV records in dlv.isc.org. registry for reverse zone f.f.0.0.c.8.1.0.a.2.ip6.arpa. looks broken, preventing DLV-aware validating resolver to resolve reverse records under this delegation. The keytag of KSK DNSKEY (26931) differs from keytag in DLV registry (40270):
$ dig f.f.0.0.c.8.1.0.a.2.ip6.arpa. DNSKEY > /tmp/tmp.key $ dnssec-dsfromkey /tmp/tmp f.f.0.0.c.8.1.0.a.2.ip6.arpa. IN DS 26931 8 1 1C8F6E9AA51450BD517EB3AC9A5FEBEB6CB35318 f.f.0.0.c.8.1.0.a.2.ip6.arpa. IN DS 26931 8 2 C6CD2FD406F99DF999DE94CA7AC1D9BD1CEB297BE6C1E41C3A884B23 8B6DCC64
$ dig f.f.0.0.c.8.1.0.a.2.ip6.arpa.dlv.isc.org. DLV f.f.0.0.c.8.1.0.a.2.ip6.arpa.dlv.isc.org. 3102 IN DLV 40270 8 2 1DFE65BD5EAEF25882CFB33DA237F444674A0FEC13A0B54EA4514EAB 22C21C7A f.f.0.0.c.8.1.0.a.2.ip6.arpa.dlv.isc.org. 3102 IN DLV 40270 8 1 F5AD5AB9B4A8C80ED45B2B1A4ACABD6AD4A47F1A
State change: confirmed Locked
[ch] Jeroen Massar SixXS Staff on Monday, 02 January 2012 14:27:03
Message is Locked
The state of this ticket has been changed to confirmed
Broken DLV delegation
[ch] Jeroen Massar SixXS Staff on Monday, 02 January 2012 14:27:59
Several zones are in the process of being updated due to keyrollovers and thus are marked as 'Pending Check' in the DLV site. This should resolve itself in the next few hours or likely less.
Broken DLV delegation
[cz] Shadow Hawkins on Monday, 02 January 2012 15:28:18
After cleaning resolver cache, everything seems to work correctly. Please consider lowering TTL prior future rollover and/or extend double signature period to avoid such downtimes. Thanks for explanation.
Broken DLV delegation
[ch] Jeroen Massar SixXS Staff on Monday, 02 January 2012 15:10:21
According to DLV all should be fine again, note also that the ISC DLV does not publish the record unless it is marked as good:
INFO Started: Mon Jan 02 13:44:31 +0000 2012 SUCCESS 2620::6B0:A:250:56FF:FE99:78F7 answered DNSKEY query with rcode NOERROR SUCCESS 2001:770:18:8::4 answered DNSKEY query with rcode NOERROR SUCCESS 78.141.179.38 answered DNSKEY query with rcode NOERROR SUCCESS 38.229.76.3 answered DNSKEY query with rcode NOERROR SUCCESS 2001:7E8:1:102::A answered DNSKEY query with rcode NOERROR SUCCESS 193.1.31.74 answered DNSKEY query with rcode NOERROR INFO Total answers: 6 SUCCESS All DNSKEY responses are identical. INFO VERIFY-DNSKEY: 3 DNSKEYs found. INFO VERIFY-DNSKEY: 1 keys found after filtering. SUCCESS DNSKEY signatures validated. SUCCESS VALIDATED_SEP_KEY: f.f.0.0.c.8.1.0.a.2.ip6.arpa. 604800 IN DNSKEY 257 3 RSASHA256 ( AwEAAeDYXitGLl3MY+3cXJAz0fUhohTgvsQ4YtWAZ//Hw3mtyK4r2Vbt1l0Pk8Veh6x6kDyowlP3sAKL4ySwcAmry5W/S3OPiJLbpuK8rRAhJk7uFCr+NSgapugQ6Mk0wASLEF78yKLArKH8HkiXCVtPZkrsimpxR4yQrZf2gezq1HWbTontG22U06igdAckNyWKqEh/pCQ8sezko8++VDdqr/9q6xbB5sB3oibWpmnirJoS854Xqvt4ER0JhaVDxr9pA5xAvV2zLfb7rg1Zie1rL2BLjDLlMFLdCrGgjLaQSQqV0WMBpml2U+fYfXeqSPjpnW+iD7/SkhnZEANgleF/2jc= ) ; key_tag=31600 INFO Name servers which responded: 2620::6B0:A:250:56FF:FE99:78F7, 2001:770:18:8::4, 78.141.179.38, 38.229.76.3, 2001:7E8:1:102::A, 193.1.31.74 FINAL_SUCCESS Success.
Also note that the old entries might still be cached in the DNS caches along your path.
State change: resolved Locked
[ch] Jeroen Massar SixXS Staff on Monday, 02 January 2012 15:10:38
Message is Locked
The state of this ticket has been changed to resolved

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker