anongit is unknown. excerpt from layman -S: * Syncing selected overlay(s)... * Running Git... # ( cd /var/lib/layman/gamerlay && /usr/bin/git pull ) fatal: Unable to look up anongit.gentoo.org (port 9418) (Name or service not known) * Failure result returned from Git * Running Git... # ( cd /var/lib/layman/matrix && /usr/bin/git pull ) Already up-to-date. * Running Git... # ( cd /var/lib/layman/ruby && /usr/bin/git pull ) fatal: Unable to look up anongit.gentoo.org (port 9418) (Name or service not known) * Failure result returned from Git * * Succeeded: .... Reproducible: Always Actual Results: Yesterday there were no problem... # dig anongit.gentoo.org ; <<>> DiG 9.11.1-P1 <<>> anongit.gentoo.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19655 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 87abe5b08f0212c45446a86259bc338cea0d7fd036bdf392 (good) ;; QUESTION SECTION: ;anongit.gentoo.org. IN A ;; Query time: 2 msec ;; SERVER: 192.168.6.1#53(192.168.6.1) ;; WHEN: Fri Sep 15 22:09:48 CEST 2017 ;; MSG SIZE rcvd: 75 other do work like bugs: # dig bugs.gentoo.org ; <<>> DiG 9.11.1-P1 <<>> bugs.gentoo.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53313 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 31757315a7eb6681037ee65b59bc34b527f3d008aa9257c5 (good) ;; QUESTION SECTION: ;bugs.gentoo.org. IN A ;; ANSWER SECTION: bugs.gentoo.org. 863 IN CNAME bugs-gossamer.gentoo.org. bugs-gossamer.gentoo.org. 847 IN CNAME gannet.gentoo.org. gannet.gentoo.org. 604800 IN A 204.187.15.4 ;; AUTHORITY SECTION: gentoo.org. 29952 IN NS ns3.gentoo.org. gentoo.org. 29952 IN NS ns1.gentoo.org. gentoo.org. 29952 IN NS ns2.gentoo.org. ;; Query time: 651 msec ;; SERVER: 192.168.6.1#53(192.168.6.1) ;; WHEN: Fri Sep 15 22:14:45 CEST 2017 ;; MSG SIZE rcvd: 191
hm. anything migrating or changing? now it does seem to answer....
some elaboration: if i request ns[1-3].gentoo.org directly they answer, but some intermediate obviously doesn't ask them.... 192.168.6.1 is forwarding requests to the ISP's DNS (xs4all). ; <<>> DiG 9.11.1-P1 <<>> anongit.gentoo.org @ns1.xs4all.nl ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51634 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1680 ;; QUESTION SECTION: ;anongit.gentoo.org. IN A ;; Query time: 5 msec ;; SERVER: 194.109.6.67#53(194.109.6.67) ;; WHEN: Fri Sep 15 22:26:30 CEST 2017 ;; MSG SIZE rcvd: 47
and now gives: # dig anongit.gentoo.org ; <<>> DiG 9.11.1-P3 <<>> anongit.gentoo.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31301 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 8c6a0cf461394fd28c78a9b759bc39024867583fad56b406 (good) ;; QUESTION SECTION: ;anongit.gentoo.org. IN A ;; ANSWER SECTION: anongit.gentoo.org. 2179 IN CNAME anongit.geodns.gentoo.org. anongit.geodns.gentoo.org. 700 IN CNAME anongit.geodns-europe.gentoo.org. anongit.geodns-europe.gentoo.org. 6512 IN CNAME anongit-v4v6.geodns-europe.gentoo.org. anongit-v4v6.geodns-europe.gentoo.org. 306 IN A 88.198.51.10 anongit-v4v6.geodns-europe.gentoo.org. 306 IN A 148.251.78.52 ;; AUTHORITY SECTION: gentoo.org. 28851 IN NS ns1.gentoo.org. gentoo.org. 28851 IN NS ns3.gentoo.org. gentoo.org. 28851 IN NS ns2.gentoo.org. ;; ADDITIONAL SECTION: ns1.gentoo.org. 314 IN A 140.211.166.189 ns2.gentoo.org. 314 IN A 194.116.84.30 ns3.gentoo.org. 314 IN A 208.116.51.2 ns1.gentoo.org. 394 IN AAAA 2001:470:ea4a:1:225:90ff:fe02:16e5 ns2.gentoo.org. 314 IN AAAA 2001:7f8:23:323::1e ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 15 22:33:06 CEST 2017 ;; MSG SIZE rcvd: 357 So appearantly it was a transient error...
Is this actually solved? Using 1.1.1.1: okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: verify failed due to bad signature (keyid=16072): RRSIG has expired okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: no valid signature found (DS) okt 01 12:38:55 byte named[25206]: no valid RRSIG resolving 'geodns.gentoo.org/DNSKEY/IN': 208.116.51.2#53 okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:38:55 byte named[25206]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 194.116.76.134#53 okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:38:55 byte named[25206]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 140.211.166.189#53 okt 01 12:38:55 byte named[25206]: broken trust chain resolving 'anongit.geodns.gentoo.org/A/IN': 1.1.1.1#53 And with google: okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 8.8.4.4#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 8.8.8.8#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:2d::d#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:503:c27::2:30#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:9f::42#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:a8::e#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:2f::f#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:dc3::35#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:12::d0d#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:503:ba3e::2:30#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:7fd::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:7fe::53#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:200::b#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:2::c#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:1::53#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:c::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:40::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:b::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:e::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:48::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:f::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:7f8:23:323::1e#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:470:ea4a:1:225:90ff:fe02:16e5#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: verify failed due to bad signature (keyid=16072): RRSIG has expired okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: no valid signature found (DS) okt 01 12:42:17 byte named[25318]: no valid RRSIG resolving 'geodns.gentoo.org/DNSKEY/IN': 208.116.51.2#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 194.116.76.134#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 140.211.166.189#53 okt 01 12:42:17 byte named[25318]: broken trust chain resolving 'anongit.geodns.gentoo.org/A/IN': 8.8.4.4#53
(In reply to Ian Kumlien from comment #4) > Is this actually solved? > > Using 1.1.1.1: > okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: > verify failed due to bad signature (keyid=16072): RRSIG has expired > okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: no > valid signature found (DS) That's bug #695950 which is an entirely different problem.
