Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 483996 - DNSSEC brokenness to distfiles.gentoo.org
Summary: DNSSEC brokenness to distfiles.gentoo.org
Status: RESOLVED FIXED
Alias: None
Product: Mirrors
Classification: Unclassified
Component: Server Problem (show other bugs)
Hardware: All All
: Normal normal
Assignee: Mirror Admins
URL: http://distfiles.gentoo.org/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-06 14:25 UTC by Zoltán Halassy
Modified: 2013-09-06 19:13 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Zoltán Halassy 2013-09-06 14:25:30 UTC 
Standard BIND installation, with dnssec-validation auto; and dnssec-lookaside auto; Other DNSSEC hosts working properly.

Sep  6 16:13:42 kitt named[19670]: received control channel command 'flush'
Sep  6 16:13:42 kitt named[19670]: flushing caches in all views succeeded
Sep  6 16:13:47 kitt named[19670]: error (no valid RRSIG) resolving 'distfiles.gentoo.org/DNSKEY/IN': 140.211.166.189#53
Sep  6 16:13:47 kitt named[19670]: error (no valid RRSIG) resolving 'distfiles.gentoo.org/DNSKEY/IN': 194.116.84.30#53
Sep  6 16:13:47 kitt named[19670]: error (no valid RRSIG) resolving 'distfiles.gentoo.org/DNSKEY/IN': 208.92.234.78#53
Sep  6 16:13:47 kitt named[19670]: error (no valid RRSIG) resolving 'distfiles.gentoo.org/DNSKEY/IN': 2001:470:ea4a:1:225:90ff:fe02:16e5#53
Sep  6 16:13:47 kitt named[19670]: error (no valid RRSIG) resolving 'distfiles.gentoo.org/DNSKEY/IN': 2001:7f8:23:323::1e#53
Sep  6 16:13:47 kitt named[19670]: error (broken trust chain) resolving 'distfiles.gentoo.org/A/IN': 2001:470:ea4a:1:225:90ff:fe02:16e5#53

Reproducible: Always
Comment 1 Christer Ekholm 2013-09-06 18:54:10 UTC 
The DNSSEC signature has expired.

dig distfiles.gentoo.org @ns1.gentoo.org

<output trimmed>
...
distfiles.gentoo.org.	7200 IN	RRSIG A 5 3 7200 (
				20130906100329 20130310100329 45627 distfiles.gentoo.org.
...
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-09-06 19:08:58 UTC 
it should be fixed in a sec, give it a moment to propogate
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-09-06 19:13:56 UTC 
Zones are confirmed fixed by me.