Summary: | anongit is acutaly unknown in DNS... | ||
---|---|---|---|
Product: | Gentoo Infrastructure | Reporter: | Nico Baggus <mlspamcb> |
Component: | Git | Assignee: | Gentoo Infrastructure <infra-bugs> |
Status: | RESOLVED UPSTREAM | ||
Severity: | critical | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Nico Baggus
2017-09-15 20:19:41 UTC
hm. anything migrating or changing? now it does seem to answer.... some elaboration: if i request ns[1-3].gentoo.org directly they answer, but some intermediate obviously doesn't ask them.... 192.168.6.1 is forwarding requests to the ISP's DNS (xs4all). ; <<>> DiG 9.11.1-P1 <<>> anongit.gentoo.org @ns1.xs4all.nl ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51634 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1680 ;; QUESTION SECTION: ;anongit.gentoo.org. IN A ;; Query time: 5 msec ;; SERVER: 194.109.6.67#53(194.109.6.67) ;; WHEN: Fri Sep 15 22:26:30 CEST 2017 ;; MSG SIZE rcvd: 47 and now gives: # dig anongit.gentoo.org ; <<>> DiG 9.11.1-P3 <<>> anongit.gentoo.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31301 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 6 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 8c6a0cf461394fd28c78a9b759bc39024867583fad56b406 (good) ;; QUESTION SECTION: ;anongit.gentoo.org. IN A ;; ANSWER SECTION: anongit.gentoo.org. 2179 IN CNAME anongit.geodns.gentoo.org. anongit.geodns.gentoo.org. 700 IN CNAME anongit.geodns-europe.gentoo.org. anongit.geodns-europe.gentoo.org. 6512 IN CNAME anongit-v4v6.geodns-europe.gentoo.org. anongit-v4v6.geodns-europe.gentoo.org. 306 IN A 88.198.51.10 anongit-v4v6.geodns-europe.gentoo.org. 306 IN A 148.251.78.52 ;; AUTHORITY SECTION: gentoo.org. 28851 IN NS ns1.gentoo.org. gentoo.org. 28851 IN NS ns3.gentoo.org. gentoo.org. 28851 IN NS ns2.gentoo.org. ;; ADDITIONAL SECTION: ns1.gentoo.org. 314 IN A 140.211.166.189 ns2.gentoo.org. 314 IN A 194.116.84.30 ns3.gentoo.org. 314 IN A 208.116.51.2 ns1.gentoo.org. 394 IN AAAA 2001:470:ea4a:1:225:90ff:fe02:16e5 ns2.gentoo.org. 314 IN AAAA 2001:7f8:23:323::1e ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Sep 15 22:33:06 CEST 2017 ;; MSG SIZE rcvd: 357 So appearantly it was a transient error... Is this actually solved? Using 1.1.1.1: okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: verify failed due to bad signature (keyid=16072): RRSIG has expired okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: no valid signature found (DS) okt 01 12:38:55 byte named[25206]: no valid RRSIG resolving 'geodns.gentoo.org/DNSKEY/IN': 208.116.51.2#53 okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:38:55 byte named[25206]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 194.116.76.134#53 okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:38:55 byte named[25206]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 140.211.166.189#53 okt 01 12:38:55 byte named[25206]: broken trust chain resolving 'anongit.geodns.gentoo.org/A/IN': 1.1.1.1#53 And with google: okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 8.8.4.4#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 8.8.8.8#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:2d::d#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:503:c27::2:30#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:9f::42#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:a8::e#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:2f::f#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:dc3::35#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:12::d0d#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:503:ba3e::2:30#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:7fd::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:7fe::53#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:200::b#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:2::c#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:1::53#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:c::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:40::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:b::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:e::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:48::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:500:f::1#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:7f8:23:323::1e#53 okt 01 12:42:17 byte named[25318]: network unreachable resolving 'geodns.gentoo.org/DNSKEY/IN': 2001:470:ea4a:1:225:90ff:fe02:16e5#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: verify failed due to bad signature (keyid=16072): RRSIG has expired okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: no valid signature found (DS) okt 01 12:42:17 byte named[25318]: no valid RRSIG resolving 'geodns.gentoo.org/DNSKEY/IN': 208.116.51.2#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 194.116.76.134#53 okt 01 12:42:17 byte named[25318]: validating geodns.gentoo.org/DNSKEY: got insecure response; parent indicates it should be secure okt 01 12:42:17 byte named[25318]: insecurity proof failed resolving 'geodns.gentoo.org/DNSKEY/IN': 140.211.166.189#53 okt 01 12:42:17 byte named[25318]: broken trust chain resolving 'anongit.geodns.gentoo.org/A/IN': 8.8.4.4#53 (In reply to Ian Kumlien from comment #4) > Is this actually solved? > > Using 1.1.1.1: > okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: > verify failed due to bad signature (keyid=16072): RRSIG has expired > okt 01 12:38:55 byte named[25206]: validating geodns.gentoo.org/DNSKEY: no > valid signature found (DS) That's bug #695950 which is an entirely different problem. |