Re: [AusNOG] Global DNS yuck?

2021-09-30 Thread Lachlan Gilmour
I believe it is related to the Lets Encrypt root cert that expired overnight. I've seen quite a few older devices today having issues accessing sites using lets encrypt certs. More info on the issue can be found here: https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/ On Fri, Oct 1, 2

Re: [AusNOG] Global DNS yuck?

2021-09-30 Thread Luke Thompson
cPanel also failed to plan for the expiry, so we're seeing workarounds then revocations (oops, that didn't work - etc). Still no real headway after 12~ hours. The root cert expiry was a long time coming, though if you check Twitter it seems like it's caught many out. Cheers, Luke Thompson O

Re: [AusNOG] Global DNS yuck?

2021-09-30 Thread Mark Andrews
More correctly they had working DNSSEC deployed (https://dnsviz.net/d/slack.com/YVXX_g/dnssec/) and then pulled both the DS records for slack.com and the DNSSEC records in slack.com AT THE SAME TIME resulting in DNSSEC validation failures. Cached DS records said slack.com is signed but the answ

Re: [AusNOG] Global DNS yuck?

2021-09-30 Thread Andrew Yager
Interesting. Flushing some resolvers now, but odd that I'm also seeing other dns-y things. More digging to be had. Andrew On Fri, 1 Oct 2021 at 08:24, Scott Howard wrote: > They broke (and subsequently fixed) their DNSSEC configuration many hours > ago, but it was broken long enough to get cach

Re: [AusNOG] Global DNS yuck?

2021-09-30 Thread Scott Howard
They broke (and subsequently fixed) their DNSSEC configuration many hours ago, but it was broken long enough to get cached by some servers for up to 24 hours so some users are still having issues connecting. Short of the classic "have your ISP clear their DNS cache" not much anyone can do except w

Re: [AusNOG] Global DNS yuck?

2021-09-30 Thread Ryan Fielding
Likely this? https://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021340.html On Fri, 1 Oct 2021 at 8:19 am, Andrew Yager wrote: > Hi, > > Slack is down and finding a few other (non slack) services etc being > broken seemingly with DNS things. Anyone know what’s going on? > > A >

[AusNOG] Global DNS yuck?

2021-09-30 Thread Andrew Yager
Hi, Slack is down and finding a few other (non slack) services etc being broken seemingly with DNS things. Anyone know what’s going on? A ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Is anyone from Twitter NetOps here?

2021-09-30 Thread Mark Newton
Looking for someone from Twitter NetOps who can take a look at a traffic filtering problem for me. - mark -- Tiny screen, imaginary keyboard. ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog