Summary: | geodns: anongit.geodns.gentoo.org CNAME RRset is not signed by any trusted keys | ||
---|---|---|---|
Product: | Gentoo Infrastructure | Reporter: | Ogelpre <gentoo.org> |
Component: | Other | Assignee: | Gentoo Infrastructure <infra-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | Manfred.Knick |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | https://dnssec-analyzer.verisignlabs.com/anongit.geodns.gentoo.org | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Ogelpre
2022-07-02 08:56:31 UTC
Hello, It looks like it's a DNSSEC issue, because trying its resolution using "dig" with the cd flag, it works: > dig anongit.geodns.gentoo.org A → status: SERVFAIL > dig +cd anongit.geodns.gentoo.org A → anongit.geodns.gentoo.org. 814 IN CNAME anongit.geodns-europe.gentoo.org. And today it seams to have an impact on other services: * rsync: https://dnsviz.net/d/rsync.gentoo.org/dnssec/ * dev: https://dnsviz.net/d/dev.gentoo.org/dnssec/ I am seeing this too with IPV4 and bind-9.18 on my home router : # dig anongit.geodns.gentoo.org ; <<>> DiG 9.19.1 <<>> anongit.geodns.gentoo.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64716 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 20d4ba070ba727f90100000062c0146abe5f13592ea43f21 (good) ;; QUESTION SECTION: ;anongit.geodns.gentoo.org. IN A ;; Query time: 913 msec ;; SERVER: 192.168.36.1#53(192.168.36.1) (UDP) ;; WHEN: Sat Jul 02 05:48:26 EDT 2022 ;; MSG SIZE rcvd: 82 I'm getting the following; my setup has dnsmasq pointing at 9.9.9.9: dig anongit.geodns.gentoo.org ;; Warning: Message parser reports malformed message packet. ; <<>> DiG 9.16.27 <<>> anongit.geodns.gentoo.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56570 ;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;anongit.geodns.gentoo.org. IN A ;; ANSWER SECTION: . 0 CLASS4096 OPT 10 8 W3t9qbp+o0o= ;; ADDITIONAL SECTION: anongit.geodns.gentoo.org. 264 IN A 148.251.78.52 ;; Query time: 2 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Sat Jul 02 11:23:48 BST 2022 ;; MSG SIZE rcvd: 82 (In reply to Paul Gover from comment #3) > ... Sorry, meant to add, that means it appears to be working for me. Should be sorted now. |