Re: RE: Download servers ftp[x].scientificlinux.org unreachable
Hi peter.c...@stfc.ac.uk! On 2012.06.07 at 18:01:30 +, peter.c...@stfc.ac.uk wrote next: My apologies, should have checked with another DNS resolver. I shall report this DNS fault to our site admin. Thanks for your speedy reply. I'm pretty sure it was fault of either SL hosting provider or someone else close to it in DNS chain, not your site admin. This time, it lasted for a day or two, I think. Exactly same thing happened before, check out http://listserv.fnal.gov/scripts/wa.exe?A2=ind1112L=scientific-linux-usersT=0P=2757 Few days ago, scientificlinux.org wasn't resolving for me either. My bind checked google DNS servers and all others and situation was the same everywhere: validating @0x7f93b01ee450: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.4.4#53 validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 8.8.8.8#53 validating @0x7f93b0c09f90: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.70#53 validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.49.208.71#53 validating @0x7f93ac1e1290: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:6000::22#53 validating @0x7f93bc8865f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 2001:400:910:1::2#53 validating @0x7f93b433e5f0: fnal.gov DNSKEY: no valid signature found (DS) error (no valid RRSIG) resolving 'fnal.gov/DNSKEY/IN': 198.128.2.10#53 [..skipped..] error (broken trust chain) resolving 'linux21.fnal.gov/A/IN': 8.8.4.4#53 validating @0x7f93ac1e1290: MLV3I3JULF9HLTIIPF6CQHA1Q51TOGTU.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux21.fnal.gov//IN': 8.8.4.4#53 validating @0x7f93b433e5f0: linux01.fnal.gov A: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux01.fnal.gov/A/IN': 8.8.4.4#53 validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY) validating @0x7f93b01284d0: 6JGTJCC74FMN7VR86T153U5TDA4MBUDT.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux01.fnal.gov//IN': 8.8.8.8#53 validating @0x7f93b433e5f0: linux9.fnal.gov A: bad cache hit (fnal.gov/DNSKEY) error (broken trust chain) resolving 'linux9.fnal.gov/A/IN': 8.8.8.8#53 validating @0x7f93b01284d0: fnal.gov SOA: bad cache hit (fnal.gov/DNSKEY) validating @0x7f93b01284d0: TSR1OLA6N3BA20AH8OLM0CPQE8LP.fnal.gov NSEC3: bad cache hit (fnal.gov/DNSKEY) [..and so on..] I believe that the fact that it started to work when you changed DNS resolver just means that they use outdated DNS server which doesn't care about DNSSEC :) Not that I need DNSSEC to trust the way SL website resolves, however it's somewhat sad that situations like this happen again. -- Vladimir
Re: Download servers ftp[x].scientificlinux.org unreachable
On Jun 7, 2012, at 10:17 AM, peter.c...@stfc.ac.uk wrote: Hello, I suspect this probably has been reported, but just in case it has not. The download servers ftp, ftp1 and ftp2 has been unreachable from most of today. Always check DNS from an alternate resolver before reporting an issue: cquinn@quinntendo ~ % host ftp.scientificlinux.org ftp.scientificlinux.org is an alias for linux9.fnal.gov. linux9.fnal.gov has address 131.225.110.147 cquinn@quinntendo ~ % host ftp1.scientificlinux.org ftp1.scientificlinux.org is an alias for linux21.fnal.gov. linux21.fnal.gov has address 131.225.110.41 Works for me. -- Corey signature.asc Description: Message signed with OpenPGP using GPGMail
RE: Download servers ftp[x].scientificlinux.org unreachable
Thanks, Corey, My apologies, should have checked with another DNS resolver. I shall report this DNS fault to our site admin. Thanks for your speedy reply. Peter From: Corey Quinn [mailto:co...@sequestered.net] Sent: 07 June 2012 18:24 To: Chiu, Peter (STFC,RAL,RALSP) Cc: scientific-linux-us...@fnal.gov Subject: Re: Download servers ftp[x].scientificlinux.org unreachable On Jun 7, 2012, at 10:17 AM, peter.c...@stfc.ac.ukmailto:peter.c...@stfc.ac.uk wrote: Hello, I suspect this probably has been reported, but just in case it has not. The download servers ftp, ftp1 and ftp2 has been unreachable from most of today. Always check DNS from an alternate resolver before reporting an issue: cquinn@quinntendo ~ % host ftp.scientificlinux.orghttp://ftp.scientificlinux.org ftp.scientificlinux.orghttp://ftp.scientificlinux.org is an alias for linux9.fnal.govhttp://linux9.fnal.gov. linux9.fnal.govhttp://linux9.fnal.gov has address 131.225.110.147 cquinn@quinntendo ~ % host ftp1.scientificlinux.orghttp://ftp1.scientificlinux.org ftp1.scientificlinux.orghttp://ftp1.scientificlinux.org is an alias for linux21.fnal.govhttp://linux21.fnal.gov. linux21.fnal.govhttp://linux21.fnal.gov has address 131.225.110.41 Works for me. -- Corey -- Scanned by iCritical.