Hi Jim, We are seeing the same thing. The problem is an incorrectly signed zone (missing RRSIG records) at ed.gov. See:
http://dnssec-debugger.verisignlabs.com/www.ed.gov http://dnsviz.net/d/www.ed.gov/dnssec/ cv On Fri, May 27, 2011 at 12:09 PM, Jim Glassford <jmgl...@iup.edu> wrote: > Hi, > > Running BIND 9.7.0-P2 > > Is this just me or other seeing this? > > Starting today got reports of unable to reach some student ad sites such as > studentloans.gov > > # dig eduftcdnsp01.ed.gov > ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> eduftcdnsp01.ed.gov > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46012 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;eduftcdnsp01.ed.gov. IN A > > ;; Query time: 550 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri May 27 15:06:00 2011 > ;; MSG SIZE rcvd: 37 > > > ~in dnssec log file; > 27-May-2011 15:06:00.097 dnssec: info: validating @0x7ff40c023520: > eduftcdnsp01.ed.gov A: bad cache hit (eduftcdnsp01.ed.gov/DS) > > > With the checking disabled; > > # dig eduftcdnsp01.ed.gov +cd > ; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> eduftcdnsp01.ed.gov +cd > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11700 > ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;eduftcdnsp01.ed.gov. IN A > > ;; ANSWER SECTION: > eduftcdnsp01.ed.gov. 3539 IN A 148.9.101.50 > > ;; AUTHORITY SECTION: > ed.gov. 2777 IN NS eduptcdnsp01.ed.gov. > ed.gov. 2777 IN NS eduptcdnsp02.ed.gov. > ed.gov. 2777 IN NS eduftcdnsp02.ed.gov. > ed.gov. 2777 IN NS eduftcdnsp01.ed.gov. > > ;; Query time: 0 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri May 27 15:07:01 2011 > ;; MSG SIZE rcvd: 148 > > > > thanks! > jim > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users